In the previous post, I set up two nodes using KVM.

controller node / compute node

On the controller node, I configured

the Identity service (Keystone), the Image service (Glance), the dashboard (Horizon) and Block Storage (Cinder).

On the other node, the compute node, I installed nova. The local LVM part of Block Storage (Cinder) will need further testing later.

 

Connect to http://controller/dashboard using the KVM VNC console or X11 forwarding.

Horizon login

Creating a project

Under Identity, open Projects; there is a Create Project button.

Click that button to create a project.

Identity -> Projects

 

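Create Project

(If anything needs changing after the project has been created, click the Edit button to modify it.)

Project Information: lets you change the Name, the Description and so on.

Project Members: lets you add users from the registered list as project members.

Project Groups: lets you gather projects together into a project group.

Quotas: lets you configure virtual resources.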

 

Creating a user

Identity -> Users

Click Create User to create a user.

User creation screen

Enter the User Name and Password, and add devop1 as the Primary Project.

Sign out of the dashboard, then log in as the Test user.

After a successful login, you see the screen below.

 

Creating a user from the CLI

Use the default domain that was created during the initial installation, pass "devop2 test" to --description, and create the devop2 project.

[root@controller ~]# . admin-openrc
[root@controller ~]# openstack project create --domain default --description "devop2 test" devop2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | devop2 test                      |
| domain_id   | default                          |
| enabled     | True                             |
| id          | ce7f352aca0a43bfacdb3ce4a9e0bc28 |
| is_domain   | False                            |
| name        | devop2                           |
| parent_id   | default                          |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the test2 user

[root@controller ~]# openstack user create --domain default --password-prompt test2
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | cd2b7e39737341a580d0498070fd552b |
| name                | test2                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]#

 

Check which roles can be assigned

[root@controller ~]# openstack role list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 533ffbca67d344c999b9fe46e59f815d | user     |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| ddc592d225f14fa8b643fd55b76e43db | admin    |
+----------------------------------+----------+
[root@controller ~]#

 

Add the user role and check the user list

[root@controller ~]# openstack role add --project devop2 --user test2 user
[root@controller ~]# openstack user list
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 086236627c6840d6ae7476e6241ab30d | placement |
| 0b1296a18d5f4eeaabe2bea439ff38d3 | neutron   |
| 64384bdac78b4188a0eebd245015cb72 | cinder    |
| 6733baa0f87648ff8d7c9faa8fbd4c1b | nova      |
| b5c44ea3ba234938b7701192a53a2494 | admin     |
| cd2b7e39737341a580d0498070fd552b | test2     |
| d1f577fea8ca42b183d99b586f2bf023 | glance    |
| d726706bc404497697c36518a144bea4 | test      |
| ea81fbf3c60c46b38767fc318b90eb18 | demo      |
+----------------------------------+-----------+
[root@controller ~]#
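
The user list above shows that test2 exists, but not which role it holds on which project. The following is an added example, not part of the original post: it confirms the assignment and lists admin grants other than the ones this install creates on purpose. It assumes the listing format of openstack role assignment list --names -f value -c Role -c User -c Project; the function names and the sample lines are constructed for illustration.

```bash
#!/bin/sh
# Added example, not part of the original post.
# Assumed input: one assignment per line, "Role User Project", as printed by
#   openstack role assignment list --names -f value -c Role -c User -c Project
# where --names renders users and projects as name@domain.

# has_role ROLE USER PROJECT   (listing on stdin)
# Exit status 0 only when exactly that assignment is present.
has_role() {
    awk -v r="$1" -v u="$2" -v p="$3" '
        { split($2, a, "@"); split($3, b, "@") }
        $1 == r && a[1] == u && b[1] == p { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# unexpected_admins   (listing on stdin)
# Prints every admin grant except the two kinds this install creates
# deliberately: the bootstrap admin user on the admin project, and service
# accounts (glance and the like) on the service project.
unexpected_admins() {
    awk '
        $1 != "admin" { next }
        {
            split($2, u, "@"); split($3, p, "@")
            if (u[1] == "admin" && p[1] == "admin") next
            if (p[1] == "service") next
            scope = (p[1] == "") ? "(no project scope)" : p[1]
            print u[1] " holds admin on " scope
        }'
}

# Constructed sample listing built from the accounts in this post. The last
# line is a deliberate mis-grant, added to show what the audit reports.
SAMPLE='admin admin@Default admin@Default
admin glance@Default service@Default
user demo@Default demo@Default
user test2@Default devop2@Default
admin test@Default devop1@Default'

printf '%s\n' "$SAMPLE" | has_role user test2 devop2 && echo "test2 holds user on devop2"
printf '%s\n' "$SAMPLE" | unexpected_admins
```

On the controller, pipe the real listing into the same functions after sourcing admin-openrc.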

 

Installing OpenStack Pike

OpenStack is still being tested here, and correct operation is not guaranteed.

Please note that the content of this post may be revised.

Document update history

First draft v0.0 2017-11-23

Version v0.1 2017-11-30 OpenStack Cinder installation completed

Version v0.2 2017-12-01 Fixed the linuxbridge_agent eth device and added selinux enable or iptables rule

Version v0.3 2017-12-02 Tested with iptables changed to firewalld when running nova

Version v0.4 2017-12-03 Tested after changing the KVM network

 

For the Korean installation guide, see the Ocata version

https://docs.openstack.org/ocata/ko_KR/install-guide-rdo/common/conventions.html#

For the English installation guide, see the Pike version

https://docs.openstack.org/install-guide/common/conventions.html#notices

 

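The network and KVM configuration will be written up later.

Some parts differ from the official installation guide.

The network configuration is still being tested, and the network part of this document may change depending on the results.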

 

Work done after configuring two networks with KVM

controller node / compute node

Network configuration

eth0 is the 192 network, which can reach the outside through NAT, and eth1 is the 40 network used as the controller network.

eth1, the provider network, is temporarily given an IP and used for installing OpenStack.

This setup is still being tested.

controller = eth0 + eth1

Management network eth0 = ip 40.0.0.101/24 (management network added)

Provider network eth1 = ip 192.168.122.0/24

(uses the Default NAT)

compute = eth0 + eth1

Management network eth0 = ip 40.0.0.102/24 (management network added), temporarily using gateway 192.168.122.1

Provider network eth1 = ip 192.168.122.0/24 (uses the Default NAT)

 

iptables

[root@controller ~]# yum install -y iptables-services
[root@controller ~]# systemctl enable iptables
[root@controller ~]# systemctl enable ip6tables

 

 

 

Controller node

 

Edit /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
40.0.0.101      controller

 

Edit /etc/hostname

[root@controller ~]# vi /etc/hostname
controller

 

Install chrony

[root@controller ~]# yum install -y chrony

 

Change the /etc/chrony.conf settings

[root@controller ~]# vi /etc/chrony.conf

allow 40.0.0.0/24

[root@controller ~]# systemctl enable chronyd
[root@controller ~]# systemctl start chronyd

 

Work on the controller server

Enable the repository

[root@controller ~]# yum install  -y https://repos.fedorapeople.org/repos/openstack/openstack-pike/rdo-release-pike-1.noarch.rpm

 

Install openstack-pike

[root@controller ~]# yum install -y centos-release-openstack-pike
[root@controller ~]# yum install -y openstack-utils

openstack-utils is installed so that the openstack-config command can be used.

 

Package upgrade and reboot

[root@controller ~]# yum update -y
[root@controller ~]# init 6

 

Install python-openstackclient

[root@controller ~]# yum install -y python-openstackclient

 

Install openstack-selinux

[root@controller ~]# yum install -y openstack-selinux
[root@controller ~]# init 6

 

openstack site: https://docs.openstack.org/install-guide/environment-sql-database-rdo.html

Install mariadb

[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL

 

Create the openstack.cnf file

[root@controller ~]# vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 40.0.0.101

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
max_connections=32000
max_connect_errors=1000

 

Start mariadb

[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service

 

Configure mariadb

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@controller ~]#

 

Install rabbitmq-server

[root@controller ~]# yum install -y rabbitmq-server

 

Enable and start the rabbitmq-server service

[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service

 

Add the rabbitmq account and set its permissions

[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
[root@controller ~]# 
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
[root@controller ~]#

 

Install memcached

[root@controller ~]# yum install -y memcached python-memcached

 

Edit the /etc/sysconfig/memcached file

[root@controller ~]# vi /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"

 

Enable and start memcached

[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service

 

Create the keystone DB

[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
     IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
     IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye
[root@controller ~]#

 

Identity Service Keystone

 

openstack site :https://docs.openstack.org/keystone/pike/install/

Install keystone

[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi

–test 12-06

Edit /etc/keystone/keystone.conf

[root@controller ~]# vi /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone



[token]
provider = fernet

 

Edit /etc/keystone/keystone.conf // under test

openstack-config --set /etc/keystone/keystone.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
openstack-config --set /etc/keystone/keystone.conf cache enabled true
openstack-config --set /etc/keystone/keystone.conf cache memcache_servers controller:11211
openstack-config --set /etc/keystone/keystone.conf memcache servers controller:11211
openstack-config --set /etc/keystone/keystone.conf token expiration 3600
openstack-config --set /etc/keystone/keystone.conf token provider fernet

 

 

 

Populate the Identity service database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

 

Initialize the Fernet key repositories

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

Bootstrap the Identity service

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

 

Configure the Apache server

 

Edit httpd.conf

[root@controller ~]# vi /etc/httpd/conf/httpd.conf
ServerName controller

 

Create a link to the wsgi-keystone.conf file

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

 

Enable and start the httpd service

[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service

 

Set temporary environment variables

[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=ADMIN_PASS
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3

 

Create the service project

[root@controller ~]# openstack project create --domain default \
 --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | e02fcf8fd5204f5293eadf3a65d14f76 |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the demo project

[root@controller ~]# openstack project create --domain default \
 --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | e267fd20523944178b7e7c443b3b0190 |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the demo user

Enter DEMO_PASS

[root@controller ~]# openstack user create --domain default \
 --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fd8fdd89e95c47e4bbf808622e8712af |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]#

 

Create the user role

[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | aaf7906d0fc844959527cfcde3e1dab4 |
| name | user |
+-----------+----------------------------------+
[root@controller ~]#

 

Add the user role to the demo user in the demo project

[root@controller ~]# openstack role add --project demo --user demo user
[root@controller ~]#

 

Unset the environment variables in order to test the users.

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD

 

 

Enter ADMIN_PASS

[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-11-28T15:30:29+0000                                                                                                                                                                |
| id         | gAAAAABaHXMFaPfvhX4e6R7Jb3jThwrnctwrEZQKV6Xfv5X-FcQXQuWU-sTQbOrYpPvJuye1LM1yNuUQXZXgK8zL0yPW6xjcPaFGU5wjNp7HiVIXcJQyi5dTd9kFwMNpB94Zoqe4uHLyFR-VGzcKFueUTuPhEOrRRtITmE2vzlfog23ZrQZM6vk |
| project_id | 95d905a1b12544b48ba6e4b43a85ef0b                                                                                                                                                        |
| user_id    | b9a2717e56244411a9cf7b1b52073602                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#

 

Enter DEMO_PASS

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-11-28T15:31:39+0000                                                                                                                                                                |
| id         | gAAAAABaHXNLqqz_zEJ2Sjs8dV4AwZo9UvX5Gj2ImioeA6dFeFo0Vg2b2DSu_B3sgEJRTU49sF3e2WaweASbYSg_wFlGfdPA6N7HG2KZclpRrL3x94RFqpdpRfkq61N0qLm1JImL4sXCbNRLmHMZSfzxEIAFkxgYs1hgqFv2mzvS3a-dz0XHq4E |
| project_id | 25325c467e544a599764f51260b05d1a                                                                                                                                                        |
| user_id    | 6478fac787444bb98385714d76a21a4a                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#

 

Create client environment scripts for the admin and demo users

Create the admin-openrc file

[root@controller ~]# vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

 

Create the demo-openrc file

[root@controller ~]# vi demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

 

Reconnect the session and test

root@controll's password:
Last login: Tue Nov 28 23:05:01 2017 from gateway
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-11-28T15:34:34+0000                                                                                                                                                                |
| id         | gAAAAABaHXP6JvekS_E1r7rZWI4d89Pb-rwfVOiZ-5Aqm8dRGzFuCfaDGK-HoshnbLlSUmrEU-Rr4zi9a9WXbpQSbbXnj1W3VwuJDz2tMluB9X2y5R7eUvxHkQHC_TBgtzCbxnwjG30fndFdbWqOvtIw2ZQUjzJOA3i9URQoHAkldEzsp9D0Vwo |
| project_id | 95d905a1b12544b48ba6e4b43a85ef0b                                                                                                                                                        |
| user_id    | b9a2717e56244411a9cf7b1b52073602                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#

 

Image Service glance

 

openstack site : https://docs.openstack.org/glance/pike/install/

 

Create the glance DB

[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>  CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
       IDENTIFIED BY 'GLANCE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
       IDENTIFIED BY 'GLANCE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit;
Bye
[root@controller ~]#

 

Create the OpenStack glance user

Enter GLANCE_PASS

[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 7490f9bcc3894b5d8344f586b8f861b6 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]#

 

Add the glance user to the service project with the admin role

[root@controller ~]# openstack role add --project service --user glance admin

 

Create the glance service entity.

[root@controller ~]# openstack service create --name glance \
   --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 540df478eb89412d86534ef55831423a |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the Image service API endpoint #3-1

[root@controller ~]# openstack endpoint create --region RegionOne \
   image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a394bb427fb7408c970181dc46f1a6c0 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 540df478eb89412d86534ef55831423a |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]#

 

Create the Image service API endpoint #3-2

[root@controller ~]# openstack endpoint create --region RegionOne \
   image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e6713b032e4a480b81ce16593f274d02 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 540df478eb89412d86534ef55831423a |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]#

 

Create the Image service API endpoint #3-3

[root@controller ~]# openstack endpoint create --region RegionOne \
   image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | dc473a0788e04f6baad4310177f4bad8 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 540df478eb89412d86534ef55831423a |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]#

 

Install the openstack-glance package

[root@controller ~]# yum install -y openstack-glance

 

Edit the glance-api.conf file ( database , keystone_authtoken , paste_deploy , glance_store )

[root@controller ~]# vi /etc/glance/glance-api.conf


[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS


[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

 

openstack-config (under test)

openstack-config --set /etc/glance/glance-api.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone 
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http 
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file 
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

 

 

Edit the glance-registry.conf file ( database , keystone_authtoken , paste_deploy )

[root@controller ~]# vi /etc/glance/glance-registry.conf

[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS


[paste_deploy]
flavor = keystone

 

openstack-config (under test)

openstack-config --set /etc/glance/glance-registry.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller

openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance 

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS

openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
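
The files written so far (keystone.conf, glance-api.conf, glance-registry.conf, admin-openrc, demo-openrc) contain the install guide's placeholder passwords typed in literally. The following is an added example, not part of the original post: it reports any of those placeholders still in place and any file mode that lets other local accounts read the credentials. The function names and the sample file are constructed for illustration, and GNU stat (as on CentOS) is assumed.

```bash
#!/bin/sh
# Added example, not part of the original post.
# Placeholder passwords that this post types literally into config and
# openrc files.
PLACEHOLDERS="ADMIN_PASS DEMO_PASS RABBIT_PASS KEYSTONE_DBPASS GLANCE_DBPASS GLANCE_PASS"

# audit_secret_file FILE
# Prints one line per finding and nothing when the file is clean.
audit_secret_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: not found"
        return 0
    fi

    # The last octal digit is the permission set for "other". Anything but 0
    # means every local account can read the passwords stored in the file.
    mode=$(stat -c '%a' "$f")    # GNU stat assumed
    case $mode in
        *0) ;;
        *)  echo "$f: mode $mode grants access to other users" ;;
    esac

    # A placeholder counts only as a whole token, so GLANCE_PASS does not
    # match inside a longer identifier.
    for p in $PLACEHOLDERS; do
        if grep -Eq "(^|[^A-Za-z0-9_])${p}([^A-Za-z0-9_]|\$)" "$f"; then
            echo "$f: placeholder $p is still in place"
        fi
    done
    return 0
}

# Runs the audit on a constructed copy of the admin-openrc from this post,
# saved with mode 644 as a default umask of 022 would leave it.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' \
        'export OS_USERNAME=admin' \
        'export OS_PASSWORD=ADMIN_PASS' \
        'export OS_AUTH_URL=http://controller:35357/v3' > "$tmp/admin-openrc"
    chmod 644 "$tmp/admin-openrc"
    audit_secret_file "$tmp/admin-openrc"
    rm -rf "$tmp"
}

# With arguments, audit those files; without, run the constructed demo.
if [ "$#" -gt 0 ]; then
    for target in "$@"; do
        audit_secret_file "$target"
    done
else
    demo
fi
```

On the controller, pass the real paths as arguments, for example /etc/keystone/keystone.conf /etc/glance/glance-api.conf /etc/glance/glance-registry.conf admin-openrc demo-openrc.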

 

 

 

Populate the Image service database

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1328: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial
INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata01, add visibility to and remove is_public from images
INFO  [alembic.runtime.migration] Running upgrade ocata01 -> pike01, drop glare artifacts tables
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: pike01, current revision(s): pike01
[root@controller ~]#

The deprecation messages can be safely ignored.

 

Enable the openstack-glance services at boot and start them

[root@controller ~]# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
[root@controller ~]#

 

Register a glance image

[root@controller ~]# yum install -y wget
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
[root@controller ~]# openstack image create "cirros" \
  --file cirros-0.3.5-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | f8ab98ff5e73ebab884d80c9dc9c7290                     |
| container_format | bare                                                 |
| created_at       | 2017-11-28T14:56:00Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/3e4448dd-5399-4fff-934e-bde198f6d9fa/file |
| id               | 3e4448dd-5399-4fff-934e-bde198f6d9fa                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | 95d905a1b12544b48ba6e4b43a85ef0b                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13267968                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2017-11-28T14:56:00Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
[root@controller ~]#

 

Verify the image

[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 3e4448dd-5399-4fff-934e-bde198f6d9fa | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]#

 

3. Compute Service

openstack site : https://docs.openstack.org/nova/pike/install/

If you are going to disable firewalld, disable it first, before the steps below.

Create the nova databases

[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 23
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE nova_api;

MariaDB [(none)]> CREATE DATABASE nova;

MariaDB [(none)]> CREATE DATABASE nova_cell0;



MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
       IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
       IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
       IDENTIFIED BY 'NOVA_DBPASS';



MariaDB [(none)]>  GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
       IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
       IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
       IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> flush privileges;

MariaDB [(none)]> quit;
Bye
[root@controller ~]#

 

Create the nova user

Enter NOVA_PASS at the prompt

[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | afcfca3df8034c25b0fd8f834bd08259 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]#

 

Add the admin role to the nova user

[root@controller ~]# openstack role add --project service --user nova admin

 

Create the nova service entity

[root@controller ~]# openstack service create --name nova \
   --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | f281d4d6ea18441ca117a57f5b9dcb5b |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the Compute API service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \
   compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 75521f33cb1744f4b573a3e6b90e1acc |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f281d4d6ea18441ca117a57f5b9dcb5b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
   compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 48313bf38bf74559bc5dcc346f2a1309 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 78883460454a4fc6940ef56d6acf57e7 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]#
[root@controller ~]# openstack endpoint create --region RegionOne \
   compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 20c9795a55a3457c9e817c96b5518df3 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f281d4d6ea18441ca117a57f5b9dcb5b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]#

 

Enter PLACEMENT_PASS at the prompt / create the placement service user

[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | df2929587a264f0ebc914ac010f39538 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]#

 

Add the placement user to the service project

[root@controller ~]# openstack role add --project service --user placement admin

 

Create the Placement API entry in the service catalog

[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | e9eae3013f2e4f7cb9a97676c6dff706 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the Placement API service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a0a6d335c64b45be982917837fc22bc9 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e9eae3013f2e4f7cb9a97676c6dff706 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 628ce318919a49c491422f02e22a361d |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e9eae3013f2e4f7cb9a97676c6dff706 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 781854c9caa34d2495104d9640353f49 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e9eae3013f2e4f7cb9a97676c6dff706 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
[root@controller ~]#

 

Install the nova packages

[root@controller ~]# yum install -y openstack-nova-api openstack-nova-conductor \
   openstack-nova-console openstack-nova-novncproxy \
   openstack-nova-scheduler openstack-nova-placement-api

 

Edit nova.conf

[root@controller ~]# vi /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 40.0.0.101
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver


[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api


[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova


[api]
auth_strategy = keystone


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS


[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip


[glance]
api_servers = http://controller:9292


[oslo_concurrency]
lock_path = /var/lib/nova/tmp


[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS




 

Edit the 00-nova-placement-api file (if it is not edited, the symptoms shown below occur)

Due to a packaging bug, you must enable access to the Placement API by adding the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:

[root@controller ~]# vi /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

What you can observe when the 00-nova-placement-api file has not been edited

Restart httpd

[root@controller ~]# systemctl restart httpd

 

The following is what happens when the 00-nova-placement-api configuration has not been applied.

Checking nova-placement-api.log shows the denied messages

[root@controller ~]# tail -f /var/log/nova/nova-placement-api.log
AH01630: client denied by server configuration: /usr/bin/nova-placement-api
AH01630: client denied by server configuration: /usr/bin/nova-placement-api
AH01630: client denied by server configuration: /usr/bin/nova-placement-api
AH01630: client denied by server configuration: /usr/bin/nova-placement-api
AH01630: client denied by server configuration: /usr/bin/nova-placement-api
AH01630: client denied by server configuration: /usr/bin/nova-placement-api
^C

 

Before the compute node is rebooted, the check on the controller shows a Result: Warning message

[root@controller ~]# nova-status upgrade check
+-------------------------------------------------------------------+
| Upgrade Check Results                                             |
+-------------------------------------------------------------------+
| Check: Cells v2                                                   |
| Result: Success                                                   |
| Details: None                                                     |
+-------------------------------------------------------------------+
| Check: Placement API                                              |
| Result: Success                                                   |
| Details: None                                                     |
+-------------------------------------------------------------------+
| Check: Resource Providers                                         |
| Result: Warning                                                   |
| Details: There are no compute resource providers in the Placement |
|   service but there are 1 compute nodes in the deployment.        |
|   This means no compute nodes are reporting into the              |
|   Placement service and need to be upgraded and/or fixed.         |
|   See                                                             |
|   http://docs.openstack.org/developer/nova/placement.html         |
|   for more details.                                               |
+-------------------------------------------------------------------+
[root@controller ~]#

(This symptom can be resolved by disabling firewalld, but ...)

 

After disabling firewalld and rebooting the system, run the nova-manage command again

[root@controller ~]# nova-status upgrade check
+------------------------------------------------------------------+
| Upgrade Check Results                                            |
+------------------------------------------------------------------+
| Check: Cells v2                                                  |
| Result: Failure                                                  |
| Details: No host mappings found but there are compute nodes. Run |
|   command 'nova-manage cell_v2 simple_cell_setup' and then       |
|   retry.                                                         |
+------------------------------------------------------------------+
| Check: Placement API                                             |
| Result: Success                                                  |
| Details: None                                                    |
+------------------------------------------------------------------+
| Check: Resource Providers                                        |
| Result: Success                                                  |
| Details: None                                                    |
+------------------------------------------------------------------+
[root@controller ~]# nova-manage cell_v2 simple_cell_setup
Cell0 is already setup
[root@controller ~]# nova-status upgrade check
+---------------------------+
| Upgrade Check Results     |
+---------------------------+
| Check: Cells v2           |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Placement API      |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Resource Providers |
| Result: Success           |
| Details: None             |
+---------------------------+
[root@controller ~]#

 

 

Reference for the warning message: https://docs.openstack.org/releasenotes/keystonemiddleware/ocata.html

Confirmed that service_token_roles_required is set to false.
Would changing it to True fix it? // In testing, the same problem occurred.

# openstack-config --set /etc/nova/nova.conf keystone_authtoken service_token_roles_required True

The openstack-config command requires the openstack-utils package.

Later, nova needs to be installed and tested again after disabling firewalld and setting up iptables!!

 

Check after rebooting the compute node

[root@controller ~]# nova-status upgrade check
+---------------------------+
| Upgrade Check Results     |
+---------------------------+
| Check: Cells v2           |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Placement API      |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Resource Providers |
| Result: Success           |
| Details: None             |
+---------------------------+
[root@controller ~]#

The output above is for verification only; the actual setup continues from the steps below.

 

Populate the nova-api database

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

 

Register the cell0 database

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

 

Create the cell1 cell

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

 

Populate the nova database

[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
[root@controller ~]#

(The cause of these messages could not be determined)

 

Verify that nova cell0 and cell1 are registered correctly

[root@controller ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
|  Name |                 UUID                 |           Transport URL            |               Database Connection               |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |
| cell1 | fbfd4a7d-3bcb-478a-b13c-6557c7c9acfe | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
[root@controller ~]#

 

firewall-cmd commands

[root@controller ~]# firewall-cmd --permanent --add-port=5672/tcp
success
[root@controller ~]# firewall-cmd --reload
success
[root@controller ~]#

 

Enable openstack-nova-api and start the services

[root@controller ~]# systemctl enable openstack-nova-api.service \
   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
   openstack-nova-conductor.service openstack-nova-novncproxy.service

[root@controller ~]# systemctl start openstack-nova-api.service \
   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]#

 

 

 

 

 

Work on the compute node

If firewalld is disabled, proceed from this step.

Enable the repository and update

[root@compute ~]# yum install  -y https://repos.fedorapeople.org/repos/openstack/openstack-pike/rdo-release-pike-1.noarch.rpm
[root@compute ~]# yum update -y
[root@compute ~]# init 6

 

Install the openstack-selinux package

[root@compute ~]# yum install -y openstack-selinux
[root@compute ~]# init 6

 

Install openstack-nova-compute

[root@compute ~]# yum install -y openstack-nova-compute

 

Edit nova.conf

[root@compute ~]# vi /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 40.0.0.102
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver


[api]
auth_strategy = keystone


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS


[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html


[glance]
api_servers = http://controller:9292


[oslo_concurrency]
lock_path = /var/lib/nova/tmp


[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS

[libvirt]
virt_type = qemu
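
Both nova.conf files on this page (controller and compute) can be checked mechanically before the services are started. The script below is an added example, not part of the original post or of OpenStack: the helper names and the sample file are constructed, and it flags install-guide placeholders left as passwords, http:// endpoints, a VNC listener on 0.0.0.0 and a config file readable by other users.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: audit a nova.conf for the risky
# settings visible in this walkthrough. audit_nova_conf and write_sample_conf
# are hypothetical helper names.
# Prints one finding per line: "<LEVEL> [section] key: reason".
# Returns 0 when clean, 1 when there are findings, 2 if the file is unreadable.

audit_nova_conf() {
    conf="$1"
    rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # nova.conf carries service, database and RabbitMQ passwords. Character 8
    # of the ls mode string is the read bit for "other".
    case "$(ls -ld -- "$conf")" in
        ???????r*)
            echo "HIGH [file] mode: readable by other users, restrict to root and the nova group"
            rc=1 ;;
    esac

    awk '
        function report(level, why) {
            printf "%s [%s] %s: %s\n", level, section, key, why
            findings++
        }
        /^[ \t]*[#;]/ { next }          # comment
        /^[ \t]*$/    { next }          # blank line
        /^[ \t]*\[/ {                   # [section] header
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)

            # Install-guide placeholders (NOVA_PASS, NOVA_DBPASS, RABBIT_PASS ...)
            # left in place as real secrets.
            if (val ~ /[A-Z]+_(DB)?PASS/)
                report("HIGH", "install-guide placeholder used as a secret")
            # Tokens and passwords cross the network unencrypted.
            if (val ~ /^http:\/\//)
                report("WARN", "cleartext HTTP endpoint")
            # Instance consoles reachable on every interface of the hypervisor.
            if (section == "vnc" && key == "vncserver_listen" && val == "0.0.0.0")
                report("WARN", "VNC listens on all interfaces, bind to the management IP")
        }
        END { exit (findings > 0) }
    ' "$conf" || rc=1
    return "$rc"
}

# Constructed sample: the compute node settings from this page, trimmed.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 40.0.0.102

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = nova
password = NOVA_PASS

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292
EOF
    chmod 644 "$1"
}

demo=$(mktemp)
write_sample_conf "$demo"
audit_nova_conf "$demo" || true
rm -f "$demo"
```

On a real node, call audit_nova_conf /etc/nova/nova.conf as root; a non-zero return means at least one finding was printed.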

 

You can determine the value for virt_type as follows.

[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
0

If the result is 0, set qemu; for any other value, set kvm.

 

When using qemu

[root@compute ~]# yum install libguestfs-tools

 

 

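To add the iptables rule the old way, use the settings below. In a firewalld environment, this setting is deleted when the system reboots.

After adding the iptables rule, save and restart iptables (this must be done on both the controller node and the compute node)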

[root@compute ~]# iptables -A IN_public_allow -p tcp -m tcp --dport 5672 -m conntrack --ctstate NEW -j ACCEPT
[root@controller ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@controller ~]#
[root@controller ~]# systemctl restart iptables

 

or use the firewall-cmd commands

[root@controller ~]# firewall-cmd --permanent --add-port=5672/tcp
success
[root@controller ~]# firewall-cmd --reload
success
[root@controller ~]#
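
The --add-port=5672/tcp rule above admits every source in the zone to RabbitMQ. As an added example (not from the original post), the helper below prints firewalld rich rules that admit only the compute node to the controller ports its nova.conf points at; the function names are hypothetical, and the zone "public" is assumed from the IN_public_allow chain used in the iptables rule.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: print firewalld rich rules that
# admit a single source address to a list of TCP ports, instead of opening the
# port to every host or disabling firewalld. scoped_allow_rules and is_ipv4 are
# hypothetical helper names. Nothing here touches the firewall; review the
# printed commands, then run them as root on the controller.

# Succeeds only for a dotted quad with every octet in 0..255 (no CIDR suffix).
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# usage: scoped_allow_rules ZONE SOURCE_IP PORT...
scoped_allow_rules() {
    zone="$1"; src="$2"
    shift 2

    # The output is meant to be pasted into a root shell, so reject anything
    # that is not a plain zone name, address or port before printing a line.
    case "$zone" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid zone: $zone" >&2; return 1 ;;
    esac
    is_ipv4 "$src" || { echo "invalid source address: $src" >&2; return 1; }
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    for port in "$@"; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s/32\" port port=\"%s\" protocol=\"tcp\" accept'\n" \
            "$zone" "$src" "$port"
    done
    echo "firewall-cmd --reload"
}

# Ports the compute node's nova.conf on this page reaches on the controller:
# 5672 RabbitMQ, 5000/35357 Keystone, 11211 memcached, 9292 Glance,
# 8778 Placement. 40.0.0.102 is the compute node's my_ip.
scoped_allow_rules public 40.0.0.102 5672 5000 35357 11211 9292 8778
```

If the blanket rule has already been added, drop it with firewall-cmd --permanent --remove-port=5672/tcp before the reload.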

 

Install the package if you are going to use iptables rules

controller node

[root@controller ~]# yum install -y iptables-services

 

Why does iptables not work after a system reboot???

firewalld needs to be disabled and replaced with iptables (iptables should be set up beforehand, and then nova needs to be tested)

[root@compute ~]# systemctl mask firewalld
[root@compute ~]# systemctl enable iptables
[root@compute ~]# systemctl enable ip6tables

 

Enable and start openstack-nova-compute

[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service

 

When nova-compute does not start properly

[root@compute ~]# tail -f /var/log/nova/nova-compute.log
2017-11-29 01:41:31.993 1840 ERROR oslo.messaging._drivers.impl_rabbit [req-bc6c79e0-5d57-454c-b8bb-c1fd04706b18 - - - - -] [bf6d14bf-42f7-4112-b9df-467e4f511594] AMQP rver on controller:5672 is unreachable: [Errno 113] EHOSTUNREACH. Trying again in 32 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2017-11-29 01:42:04.042 1840 ERROR oslo.messaging._drivers.impl_rabbit [req-bc6c79e0-5d57-454c-b8bb-c1fd04706b18 - - - - -] [bf6d14bf-42f7-4112-b9df-467e4f511594] AMQP rver on controller:5672 is unreachable: [Errno 113] EHOSTUNREACH. Trying again in 32 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2017-11-29 01:42:36.089 1840 ERROR oslo.messaging._drivers.impl_rabbit [req-bc6c79e0-5d57-454c-b8bb-c1fd04706b18 - - - - -] [bf6d14bf-42f7-4112-b9df-467e4f511594] AMQP rver on controller:5672 is unreachable: [Errno 113] EHOSTUNREACH. Trying again in 32 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2017-11-29 01:43:08.141 1840 INFO oslo.messaging._drivers.impl_rabbit [req-bc6c79e0-5d57-454c-b8bb-c1fd04706b18 - - - - -] [bf6d14bf-42f7-4112-b9df-467e4f511594] Reconnted to AMQP server on controller:5672 via [amqp] client with port 53352.

With firewalld disabled it does not work properly; the openstack-nova-compute daemon only starts normally once the iptables rule has been added!

 

It seems to be affected by firewalld on the first start; after a reboot, openstack-nova-compute works normally even with firewalld disabled.

[root@compute ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@compute ~]# systemctl status openstack-nova-compute.service
● openstack-nova-compute.service - OpenStack Nova Compute Server
   Loaded: loaded (/usr/lib/systemd/system/openstack-nova-compute.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-12-02 07:47:01 KST; 21s ago
 Main PID: 1066 (nova-compute)
   CGroup: /system.slice/openstack-nova-compute.service
           └─1066 /usr/bin/python2 /usr/bin/nova-compute

Dec 02 07:46:56 compute systemd[1]: Starting OpenStack Nova Compute Server...
Dec 02 07:47:01 compute systemd[1]: Started OpenStack Nova Compute Server.
[root@compute ~]#

 

Test after rebooting the controller (when firewalld is enabled on the controller and the rule is missing, it does not work; after disabling firewalld on the controller and rebooting, it works normally)

[root@compute ~]# systemctl status openstack-nova-compute.service
● openstack-nova-compute.service - OpenStack Nova Compute Server
   Loaded: loaded (/usr/lib/systemd/system/openstack-nova-compute.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-12-02 07:56:26 KST; 3s ago
 Main PID: 1461 (nova-compute)
   CGroup: /system.slice/openstack-nova-compute.service
           └─1461 /usr/bin/python2 /usr/bin/nova-compute

Dec 02 07:56:22 compute systemd[1]: Starting OpenStack Nova Compute Server...
Dec 02 07:56:26 compute systemd[1]: Started OpenStack Nova Compute Server.
[root@compute ~]#

 

 

Verify on the controller node

[root@controller ~]# . admin-openrc
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary       | Host    | Zone | Status  | State | Updated At                 |
+----+--------------+---------+------+---------+-------+----------------------------+
|  6 | nova-compute | compute | nova | enabled | up    | 2017-11-28T16:47:09.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
[root@controller ~]#

 

Discover the compute hosts

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': fbfd4a7d-3bcb-478a-b13c-6557c7c9acfe
Found 1 unmapped computes in cell: fbfd4a7d-3bcb-478a-b13c-6557c7c9acfe
Checking host mapping for compute host 'compute': f6f67c1c-f7c0-4d52-b521-30ee36610c60
Creating host mapping for compute host 'compute': f6f67c1c-f7c0-4d52-b521-30ee36610c60
[root@controller ~]#

 

Change the discovery interval

[root@controller ~]# vi /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300

 

Verify the service components

[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-conductor   | controller | internal | enabled | up    | 2017-11-28T16:52:33.000000 |
|  2 | nova-consoleauth | controller | internal | enabled | up    | 2017-11-28T16:52:34.000000 |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2017-11-28T16:52:33.000000 |
|  6 | nova-compute     | compute    | nova     | enabled | up    | 2017-11-28T16:52:29.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]#

 

Verify the endpoint list

[root@controller ~]# openstack catalog list
+-----------+-----------+----------------------------------------+
| Name      | Type      | Endpoints                              |
+-----------+-----------+----------------------------------------+
| glance    | image     | RegionOne                              |
|           |           |   public: http://controller:9292       |
|           |           | RegionOne                              |
|           |           |   admin: http://controller:9292        |
|           |           | RegionOne                              |
|           |           |   internal: http://controller:9292     |
|           |           |                                        |
| keystone  | identity  | RegionOne                              |
|           |           |   internal: http://controller:5000/v3/ |
|           |           | RegionOne                              |
|           |           |   public: http://controller:5000/v3/   |
|           |           | RegionOne                              |
|           |           |   admin: http://controller:35357/v3/   |
|           |           |                                        |
| placement | placement | RegionOne                              |
|           |           |   internal: http://controller:8778     |
|           |           | RegionOne                              |
|           |           |   admin: http://controller:8778        |
|           |           | RegionOne                              |
|           |           |   public: http://controller:8778       |
|           |           |                                        |
| nova      | compute   | RegionOne                              |
|           |           |   admin: http://controller:8774/v2.1   |
|           |           | RegionOne                              |
|           |           |   public: http://controller:8774/v2.1  |
|           |           | RegionOne                              |
|           |           |   public: http://controller:8774/v2.1  |
|           |           |                                        |
+-----------+-----------+----------------------------------------+
[root@controller ~]#

 

Verify the images in the Image service

[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 3e4448dd-5399-4fff-934e-bde198f6d9fa | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]#

 

Verify that the cells and the placement API are working

[root@controller ~]# nova-status upgrade check
+---------------------------+
| Upgrade Check Results     |
+---------------------------+
| Check: Cells v2           |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Placement API      |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Resource Providers |
| Result: Success           |
| Details: None             |
+---------------------------+
[root@controller ~]#

 

Before testing, back up the controller node and compute node VMs with virt-clone

Networking Service neutron

https://docs.openstack.org/ocata/ko_KR/install-guide-rdo/neutron.html

https://docs.openstack.org/neutron/pike/install/

 

Work on the controller system

 

Create the neutron database

[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
       IDENTIFIED BY 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
       IDENTIFIED BY 'NEUTRON_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> quit;
Bye
[root@controller ~]#

 

Load the admin environment file.

[root@controller ~]# . admin-openrc

 

Create the neutron user.

Enter NEUTRON_PASS at the password prompt.

[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d989d834135e40ecbb461c622bfb36bd |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]#

 

Add the admin role to the neutron user

[root@controller ~]# openstack role add --project service --user neutron admin

 

Create the service entity

[root@controller ~]# openstack service create --name neutron \
   --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | a714327b7ff14147811588e03e0572ff |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the Networking service API endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \
   network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | fb0b35d86a5c48f39916835f429fc9e4 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a714327b7ff14147811588e03e0572ff |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
   network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 54310c0061b345919558e80df87f7a55 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a714327b7ff14147811588e03e0572ff |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
   network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d0234bd35b844d8da24bd806bc4fa6a9 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a714327b7ff14147811588e03e0572ff |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]#


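Configure networking options

You can deploy the Networking service using one of two architectures, represented by options 1 and 2.

Option 1 deploys the simplest possible architecture, which only supports attaching instances to provider (external) networks.
There are no self-service (private) networks, routers, or floating IP addresses. Only the admin or another privileged user can manage provider networks.

Option 2 extends option 1 with layer-3 services that support attaching instances to self-service networks.
The demo user or another user without administrator privileges can manage self-service networks, including routers that provide connectivity between self-service and provider networks.
Additionally, floating IP addresses provide connectivity from external networks such as the Internet to instances that use self-service networks.

Self-service networks typically use overlay networks.
Overlay network protocols such as VXLAN include additional packet headers that increase overhead and reduce the space available for the payload or user data.
Without knowledge of the virtual network infrastructure, instances attempt to send packets using the default Ethernet maximum transmission unit (MTU) of 1500 bytes.
The Networking service automatically provides the correct MTU value to instances via DHCP.
However, some cloud images do not use DHCP or ignore the DHCP MTU option, and require configuration using metadata or a script.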

 

Reference pages

Networking Option 1: Provider networks

Networking Option 2: Self-service networks

 

This setup uses Networking Option 2: Self-service networks

 

Install the components

[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
   openstack-neutron-linuxbridge ebtables

 

Edit the neutron.conf file

[root@controller ~]# vi /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true


[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS


[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS


[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

 

Edit the ml2_conf.ini file

[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security


[ml2_type_flat]
flat_networks = provider


[ml2_type_vxlan]
vni_ranges = 1:1000


[securitygroup]
enable_ipset = true



 

Configure the Linux bridge agent

The Linux bridge agent builds the layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.

Configuration reference: https://docs.openstack.org/ocata/ko_KR/install-guide-rdo/neutron-controller-install-option2.html

Edit the linuxbridge_agent.ini file

[root@controller ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1


[vxlan]
enable_vxlan = true
local_ip = 40.0.0.101
l2_population = true



[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

Configure the layer-3 agent

Edit the l3_agent.ini file

[root@controller ~]# vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge

 

Edit the dhcp_agent.ini file

[root@controller ~]# vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

 

Work on the compute node

[root@compute ~]# yum install -y openstack-neutron-linuxbridge ebtables ipset

 

Edit the neutron.conf file

[root@compute ~]# vi /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS


[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

 

Configure networking options

site: https://docs.openstack.org/ocata/ko_KR/install-guide-rdo/neutron-compute-install-option2.html

Networking Option 2: Self-service networks, configured for the compute service

[root@compute ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1


[vxlan]
enable_vxlan = true
local_ip = 40.0.0.102
l2_population = true


[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

Configure the Compute service to use the Networking service.

Edit nova.conf

[root@compute ~]# vi /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

 

Restart the Compute service

[root@compute ~]# systemctl restart openstack-nova-compute.service

 

Enable and start the Linux bridge agent

[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service

 

Work on the controller node

Configure the metadata agent

 

Before starting the Linux bridge agent, edit the ifcfg-eth1 file (needs verification?)

[root@compute ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
#IPADDR=192.168.122.102
#NETMASK=255.255.255.0
#GATEWAY=192.168.122.1
[root@compute ~]# systemctl restart network

 

https://docs.openstack.org/neutron/pike/install/controller-install-obs.html

The metadata agent provides configuration information, such as credentials, to instances.

[root@controller ~]# vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

 

Edit nova.conf

[root@controller ~]# vi /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
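
The two metadata_proxy_shared_secret values above must be identical, because the metadata agent uses the secret to sign the instance ID it forwards and Nova recomputes that signature before answering. The following added example (not code from this post or from OpenStack) is a simplified model of that exchange; the function names and all sample IDs and secrets are constructed for illustration.

```python
import hashlib
import hmac


def sign_instance_id(shared_secret: str, instance_id: str) -> str:
    """HMAC-SHA256 of the instance ID, keyed with metadata_proxy_shared_secret."""
    return hmac.new(shared_secret.encode("utf-8"),
                    instance_id.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def agent_headers(agent_secret: str, instance_id: str, project_id: str) -> dict:
    """Headers the metadata agent attaches before forwarding a request to Nova."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": project_id,
        "X-Instance-ID-Signature": sign_instance_id(agent_secret, instance_id),
    }


def nova_accepts(nova_secret: str, headers: dict) -> bool:
    """Nova side: recompute the signature with its own copy of the secret."""
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get("X-Instance-ID-Signature")
    if not instance_id or not signature:
        return False
    expected = sign_instance_id(nova_secret, instance_id)
    # Constant-time comparison so the check does not leak how many characters match.
    return hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8"))


# Constructed sample values, not taken from a real deployment.
INSTANCE = "11111111-2222-3333-4444-555555555555"
OTHER_INSTANCE = "99999999-8888-7777-6666-555555555555"
PROJECT = "constructed-project-id"
SECRET = "constructed-secret-value"


def run_demo() -> dict:
    good = agent_headers(SECRET, INSTANCE, PROJECT)
    swapped = dict(good, **{"X-Instance-ID": OTHER_INSTANCE})
    unsigned = {k: v for k, v in good.items() if k != "X-Instance-ID-Signature"}
    return {
        "same secret in both files": nova_accepts(SECRET, good),
        "secret differs in nova.conf": nova_accepts(SECRET + "-typo", good),
        "instance ID changed after signing": nova_accepts(SECRET, swapped),
        "signature header missing": nova_accepts(SECRET, unsigned),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:36} -> {'accepted' if accepted else 'rejected'}")
```

A mismatch between the two files therefore shows up as instances failing to fetch metadata, not as an error when the services start.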

 

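Finalize the installation

The Networking service initialization scripts use a symbolic link, /etc/neutron/plugin.ini, that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini.

If the symbolic link has not been created, create it with the following command.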

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

Populate the neutron database

[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

 

Restart the Compute API service.

[root@controller ~]# systemctl restart openstack-nova-api.service

 

Enable and start the Networking services

[root@controller ~]#  systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
[root@controller ~]#  systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

 

Enable and start the layer-3 service for Networking Option 2

[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
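
The configuration files above are shown with the install guide's placeholder values (RABBIT_PASS, NEUTRON_DBPASS, NEUTRON_PASS, NOVA_PASS, METADATA_SECRET) and plain http:// endpoints. The following added example (not part of the original post or of OpenStack) audits such files for placeholders left in place, cleartext endpoints, and values that must agree across files; the embedded file contents are constructed samples trimmed from the snippets on this page, and the https variant assumes TLS has been set up separately.

```python
import configparser
from urllib.parse import urlsplit

# Placeholder tokens that appear in the configuration snippets on this page.
PLACEHOLDERS = {"RABBIT_PASS", "NEUTRON_DBPASS", "NEUTRON_PASS",
                "NOVA_PASS", "METADATA_SECRET"}
SECRET_OPTIONS = {"password", "metadata_proxy_shared_secret"}
CREDENTIAL_URLS = {"transport_url", "connection"}  # secret sits in the URL userinfo
ENDPOINT_URLS = {"auth_uri", "auth_url", "url"}
# Pairs of (file, section, option) that must hold the same value.
MUST_MATCH = [
    (("metadata_agent.ini", "DEFAULT", "metadata_proxy_shared_secret"),
     ("nova.conf", "neutron", "metadata_proxy_shared_secret")),
    (("neutron.conf", "keystone_authtoken", "password"),
     ("nova.conf", "neutron", "password")),
]


def parse(text):
    # configparser would otherwise copy [DEFAULT] options into every section
    # and treat '%' as interpolation syntax; both are switched off here.
    parser = configparser.ConfigParser(interpolation=None,
                                       default_section="__unused__")
    parser.read_string(text)
    return parser


def audit(files):
    """files maps a file name to INI text; returns sorted (file, section, option, issue)."""
    parsed = {name: parse(text) for name, text in files.items()}
    findings = []
    for name, parser in parsed.items():
        for section in parser.sections():
            for option, value in parser.items(section):
                if option in SECRET_OPTIONS and value in PLACEHOLDERS:
                    findings.append((name, section, option, "placeholder secret"))
                elif option in CREDENTIAL_URLS and urlsplit(value).password in PLACEHOLDERS:
                    findings.append((name, section, option, "placeholder secret in URL"))
                elif option in ENDPOINT_URLS and urlsplit(value).scheme == "http":
                    findings.append((name, section, option, "cleartext http endpoint"))
    for (file_a, sec_a, opt_a), (file_b, sec_b, opt_b) in MUST_MATCH:
        if file_a not in parsed or file_b not in parsed:
            continue
        a = parsed[file_a].get(sec_a, opt_a, fallback=None)
        b = parsed[file_b].get(sec_b, opt_b, fallback=None)
        if a is not None and b is not None and a != b:
            findings.append((file_b, sec_b, opt_b, f"differs from {file_a}"))
    return sorted(findings)


# Constructed sample: the page's snippets, trimmed, with placeholders left in.
AS_PUBLISHED = {
    "neutron.conf": """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_url = http://controller:35357
username = neutron
password = NEUTRON_PASS
""",
    "metadata_agent.ini": """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
""",
    "nova.conf": """
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
""",
}


def substitute(files, mapping):
    result = {}
    for name, text in files.items():
        for old, new in mapping.items():
            text = text.replace(old, new)
        result[name] = text
    return result


# Constructed sample: secrets replaced and https assumed, but the metadata
# secret in nova.conf was mistyped.
REVIEWED = substitute(AS_PUBLISHED, {
    "http://": "https://",
    "RABBIT_PASS": "constructed-rabbit-value",
    "NEUTRON_DBPASS": "constructed-db-value",
    "NEUTRON_PASS": "constructed-keystone-value",
    "METADATA_SECRET": "constructed-metadata-value",
})
REVIEWED["nova.conf"] = REVIEWED["nova.conf"].replace(
    "constructed-metadata-value", "constructed-metadata-valeu")

if __name__ == "__main__":
    for label, files in (("as published", AS_PUBLISHED), ("reviewed", REVIEWED)):
        for finding in audit(files):
            print(label, *finding, sep=" | ")
```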

 

Verification

[root@controller ~]# . admin-openrc
[root@controller ~]# openstack extension list --network
+----------------------------------------------------------------------------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Name                                                                                         | Alias                     | Description                                                                                                                                              |
+----------------------------------------------------------------------------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Default Subnetpools                                                                          | default-subnetpools       | Provides ability to mark and use a subnetpool as the default                                                                                             |
| Network IP Availability                                                                      | network-ip-availability   | Provides IP availability data for each network and subnet.                                                                                               |
| Network Availability Zone                                                                    | network_availability_zone | Availability zone support for network.                                                                                                                   |
| Auto Allocated Topology Services                                                             | auto-allocated-topology   | Auto Allocated Topology Services.                                                                                                                        |
| Neutron L3 Configurable external gateway mode                                                | ext-gw-mode               | Extension of the router abstraction for specifying whether SNAT should occur on the external gateway                                                     |
| Port Binding                                                                                 | binding                   | Expose port bindings of a virtual port to external application                                                                                           |
| agent                                                                                        | agent                     | The agent management extension.                                                                                                                          |
| Subnet Allocation                                                                            | subnet_allocation         | Enables allocation of subnets from a subnet pool                                                                                                         |
| L3 Agent Scheduler                                                                           | l3_agent_scheduler        | Schedule routers among l3 agents                                                                                                                         |
| Tag support                                                                                  | tag                       | Enables to set tag on resources.                                                                                                                         |
| Neutron external network                                                                     | external-net              | Adds external network attribute to network resource.                                                                                                     |
| Tag support for resources with standard attribute: trunk, policy, security_group, floatingip | standard-attr-tag         | Enables to set tag on resources with standard attribute.                                                                                                 |
| Neutron Service Flavors                                                                      | flavors                   | Flavor specification for Neutron advanced services                                                                                                       |
| Network MTU                                                                                  | net-mtu                   | Provides MTU attribute for a network resource.                                                                                                           |
| Availability Zone                                                                            | availability_zone         | The availability zone extension.                                                                                                                         |
| Quota management support                                                                     | quotas                    | Expose functions for quotas management per tenant                                                                                                        |
| If-Match constraints based on revision_number                                                | revision-if-match         | Extension indicating that If-Match based on revision_number is supported.                                                                                |
| HA Router extension                                                                          | l3-ha                     | Add HA capability to routers.                                                                                                                            |
| Provider Network                                                                             | provider                  | Expose mapping of virtual networks to physical networks                                                                                                  |
| Multi Provider Network                                                                       | multi-provider            | Expose mapping of virtual networks to multiple physical networks                                                                                         |
| Quota details management support                                                             | quota_details             | Expose functions for quotas usage statistics per project                                                                                                 |
| Address scope                                                                                | address-scope             | Address scopes extension.                                                                                                                                |
| Neutron Extra Route                                                                          | extraroute                | Extra routes configuration for L3 router                                                                                                                 |
| Network MTU (writable)                                                                       | net-mtu-writable          | Provides a writable MTU attribute for a network resource.                                                                                                |
| Subnet service types                                                                         | subnet-service-types      | Provides ability to set the subnet service_types field                                                                                                   |
| Resource timestamps                                                                          | standard-attr-timestamp   | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes.                                                    |
| Neutron Service Type Management                                                              | service-type              | API for retrieving service providers for Neutron advanced services                                                                                       |
| Router Flavor Extension                                                                      | l3-flavors                | Flavor support for routers.                                                                                                                              |
| Port Security                                                                                | port-security             | Provides port security                                                                                                                                   |
| Neutron Extra DHCP options                                                                   | extra_dhcp_opt            | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |
| Resource revision numbers                                                                    | standard-attr-revisions   | This extension will display the revision number of neutron resources.                                                                                    |
| Pagination support                                                                           | pagination                | Extension that indicates that pagination is enabled.                                                                                                     |
| Sorting support                                                                              | sorting                   | Extension that indicates that sorting is enabled.                                                                                                        |
| security-group                                                                               | security-group            | The security groups extension.                                                                                                                           |
| DHCP Agent Scheduler                                                                         | dhcp_agent_scheduler      | Schedule networks among dhcp agents                                                                                                                      |
| Router Availability Zone                                                                     | router_availability_zone  | Availability zone support for router.                                                                                                                    |
| RBAC Policies                                                                                | rbac-policies             | Allows creation and modification of policies that control tenant access to resources.                                                                    |
| Tag support for resources: subnet, subnetpool, port, router                                  | tag-ext                   | Extends tag support to more L2 and L3 resources.                                                                                                         |
| standard-attr-description                                                                    | standard-attr-description | Extension to add descriptions to standard attributes                                                                                                     |
| Neutron L3 Router                                                                            | router                    | Router abstraction for basic L3 forwarding between L2 Neutron networks and access to external networks via a NAT gateway.                                |
| Allowed Address Pairs                                                                        | allowed-address-pairs     | Provides allowed address pairs                                                                                                                           |
| project_id field enabled                                                                     | project-id                | Extension that indicates that project_id field is enabled.                                                                                               |
| Distributed Virtual Router                                                                   | dvr                       | Enables configuration of Distributed Virtual Routers.                                                                                                    |
+----------------------------------------------------------------------------------------------+---------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#

 

Check the agent list

[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 20957f8f-f380-4f16-b953-6cf7b15838ba | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| 22649ee4-bb5d-4caf-b2fb-660477c54bd1 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 869eb101-a59b-4088-87ab-f17d1634efd3 | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| e827c41e-b4a0-4e3a-8ca6-4cd8bea7a3bf | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
[root@controller ~]#

 

Normal case (synchronization takes a while?!)

[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 20957f8f-f380-4f16-b953-6cf7b15838ba | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| 22649ee4-bb5d-4caf-b2fb-660477c54bd1 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 6d3a2576-00c1-4dba-82e6-b37355e870cf | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 869eb101-a59b-4088-87ab-f17d1634efd3 | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| e827c41e-b4a0-4e3a-8ca6-4cd8bea7a3bf | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

Items that need further checking:

Cause of these messages??

controller node

2017-12-02 10:43:01.242 975 WARNING oslo.service.loopingcall [-] Function 'neutron.plugins.ml2.drivers.agent._common_agent.CommonAgentLoop._report_state' run outlasted interval by 30.00 sec
2017-12-02 10:43:01.280 975 INFO neutron.plugins.ml2.drivers.agent._common_agent [-] Linux bridge agent Agent has just been revived. Doing a full sync.
2017-12-02 10:43:01.306 975 INFO oslo_messaging._drivers.amqpdriver [-] No calling threads waiting for msg_id : 7794b67aae68435ca91fd55654b06482
2017-12-02 10:43:01.315 975 INFO oslo_messaging._drivers.amqpdriver [-] No calling threads waiting for msg_id : 3bc8ea170a464c3e96c0ebd6dc6bfabe
2017-12-02 10:43:01.330 975 INFO neutron.plugins.ml2.drivers.agent._common_agent [req-b6886195-b847-460d-ab64-7c3d17c6af87 - - - - -] Linux bridge agent Agent RPC Daemon Started!
2017-12-02 10:43:01.331 975 INFO neutron.plugins.ml2.drivers.agent._common_agent [req-b6886195-b847-460d-ab64-7c3d17c6af87 - - - - -] Linux bridge agent Agent out of sync with plugin!
2017-12-02 10:43:01.338 975 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.arp_protect [req-b6886195-b847-460d-ab64-7c3d17c6af87 - - - - -] Clearing orphaned ARP spoofing entries for devices []

Linux bridge agent Agent out of sync with plugin!

WARNING oslo.service.loopingcall

compute node

2017-12-02 10:43:50.012 956 ERROR neutron.plugins.ml2.drivers.agent._common_agent     message = self.waiters.get(msg_id, timeout=timeout)
2017-12-02 10:43:50.012 956 ERROR neutron.plugins.ml2.drivers.agent._common_agent   File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 347, in get
2017-12-02 10:43:50.012 956 ERROR neutron.plugins.ml2.drivers.agent._common_agent     'to message ID %s' % msg_id)
2017-12-02 10:43:50.012 956 ERROR neutron.plugins.ml2.drivers.agent._common_agent MessagingTimeout: Timed out waiting for a reply to message ID 086fad94db8c45ac842aa74d46bc27ad
2017-12-02 10:43:50.012 956 ERROR neutron.plugins.ml2.drivers.agent._common_agent
2017-12-02 10:43:50.013 956 WARNING oslo.service.loopingcall [-] Function 'neutron.plugins.ml2.drivers.agent._common_agent.CommonAgentLoop._report_state' run outlasted interval by 30.00 sec
2017-12-02 10:43:50.047 956 INFO neutron.plugins.ml2.drivers.agent._common_agent [-] Linux bridge agent Agent has just been revived. Doing a full sync.
2017-12-02 10:43:50.075 956 INFO oslo_messaging._drivers.amqpdriver [-] No calling threads waiting for msg_id : 086fad94db8c45ac842aa74d46bc27ad
2017-12-02 10:43:50.084 956 INFO oslo_messaging._drivers.amqpdriver [-] No calling threads waiting for msg_id : 1404bc1930c1477cac6ed8fdc1794f9d
2017-12-02 10:43:50.194 956 INFO neutron.plugins.ml2.drivers.agent._common_agent [req-f7ecd86f-c1cf-4a74-bb67-84bde93d17b6 - - - - -] Linux bridge agent Agent out of sync with plugin!

ERROR neutron.plugins.ml2.drivers.agent._common_agent

WARNING oslo.service.loopingcall [-] Function

 

 

 

Dashboard Horizon

https://docs.openstack.org/ocata/ko_KR/install-guide-rdo/horizon-install.html

https://docs.openstack.org/horizon/pike/install/install-rdo.html

 

Work on the controller node

Install openstack-dashboard

[root@controller ~]# yum install -y openstack-dashboard

 

Edit the local_settings file

[root@controller ~]# vi /etc/openstack-dashboard/local_settings


OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

# Allow access from any host
ALLOWED_HOSTS = ['*', ]

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'

# When option 2 is selected
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': True,
    'enable_distributed_router': True,
    'enable_ha_router': False,
    'enable_fip_topology_check': True,
    'enable_lb' : False,
    'enable_firewall' : False,
    'enable_vpn' : True,
}

# When option 1 is selected, uncomment and use this block instead
#OPENSTACK_NEUTRON_NETWORK = {
#    'enable_router': False,
#    'enable_quotas': False,
#    'enable_ipv6': True,
#    'enable_distributed_router': False,
#    'enable_ha_router': False,
#    'enable_fip_topology_check': False,
#}


TIME_ZONE = "Asia/Seoul"


# Comment out the existing settings
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
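Django rejects requests whose Host header does not match ALLOWED_HOSTS, and `['*']` accepts every well-formed Host value. The added example below is not from the original post or from Horizon/Django; it re-implements Django's matching rules in plain Python and compares the page's setting with a restricted list. The restricted list and the sample Host values are assumptions built from the host name and IP used on this page.

```python
import re

# Stand-alone re-implementation of the Host-header check Django applies with
# ALLOWED_HOSTS (same matching rules as django.http.request.validate_host),
# written without importing Django. All names here belong to this example.

_HOST_RE = re.compile(r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(:[0-9]+)?$")


def split_domain_port(host_header):
    """Split a Host header into (domain, port); ('', '') if it is malformed."""
    host = host_header.lower()
    if not _HOST_RE.match(host):
        return "", ""
    if host.endswith("]"):              # bare IPv6 literal such as [::1]
        return host, ""
    domain, sep, port = host.rpartition(":")
    if not sep:                         # no port in the header
        domain, port = host, ""
    if domain.endswith("."):            # a trailing dot is ignored
        domain = domain[:-1]
    return domain, port


def is_same_domain(host, pattern):
    """Exact match, or subdomain match when the pattern starts with a dot."""
    if not pattern:
        return False
    pattern = pattern.lower()
    if pattern[0] == ".":
        return host.endswith(pattern) or host == pattern[1:]
    return pattern == host


def host_allowed(host_header, allowed_hosts):
    """True if a request carrying this Host header would be accepted."""
    domain, _port = split_domain_port(host_header)
    if not domain:
        return False
    return any(p == "*" or is_same_domain(domain, p) for p in allowed_hosts)


# Value used in local_settings on this page.
PAGE_ALLOWED_HOSTS = ["*"]

# Assumption: the dashboard is only reached as "controller" or by the
# management IP that appears elsewhere on this page.
RESTRICTED_ALLOWED_HOSTS = ["controller", "40.0.0.101"]

# Constructed Host header values for the comparison.
SAMPLE_HOSTS = [
    "controller",
    "controller:80",
    "40.0.0.101",
    "unrelated.example",
    "controller.unrelated.example",
]


def compare(hosts=SAMPLE_HOSTS):
    """Return (host, accepted with ['*'], accepted with restricted list)."""
    return [
        (h,
         host_allowed(h, PAGE_ALLOWED_HOSTS),
         host_allowed(h, RESTRICTED_ALLOWED_HOSTS))
        for h in hosts
    ]


if __name__ == "__main__":
    for host, wildcard, restricted in compare():
        print("%-32s wildcard=%-5s restricted=%s" % (host, wildcard, restricted))
```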

 

Edit the openstack-dashboard.conf file

[root@controller ~]# vi /etc/httpd/conf.d/openstack-dashboard.conf
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}

After adding WSGIApplicationGroup %{GLOBAL}, restart httpd.

 

Restart the httpd and memcached services

[root@controller ~]# systemctl restart httpd memcached

 

If using firewalld

[root@controller ~]# firewall-cmd --permanent --add-port=80/tcp
success
[root@controller ~]# firewall-cmd --reload
success
[root@controller ~]#

 

If using iptables

[root@controller ~]# iptables -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
[root@controller ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@controller ~]# iptables -L

 

When accessing http://controller/dashboard, the following messages appear in /var/log/httpd/error_log

[Thu Nov 30 13:45:57.003586 2017] [core:error] [pid 2015] [client 40.0.0.1:55710] Script timed out before returning headers: django.wsgi
[Thu Nov 30 13:45:58.178883 2017] [core:error] [pid 2012] [client 40.0.0.1:55712] Script timed out before returning headers: django.wsgi
[Thu Nov 30 13:47:35.981195 2017] [core:error] [pid 2013] [client 40.0.0.1:55714] Script timed out before returning headers: django.wsgi

 

 

 

openstack-status

[root@controller ~]# openstack-status
== Nova services ==
openstack-nova-api:                     active
openstack-nova-compute:                 inactive  (disabled on boot)
openstack-nova-network:                 inactive  (disabled on boot)
openstack-nova-scheduler:               active
openstack-nova-conductor:               active
openstack-nova-console:                 inactive  (disabled on boot)
openstack-nova-consoleauth:             active
openstack-nova-xvpvncproxy:             inactive  (disabled on boot)
== Glance services ==
openstack-glance-api:                   active
openstack-glance-registry:              active
== Keystone service ==
openstack-keystone:                     inactive  (disabled on boot)
== Horizon service ==
openstack-dashboard:                    active
== neutron services ==
neutron-server:                         active
neutron-dhcp-agent:                     active
neutron-l3-agent:                       active
neutron-metadata-agent:                 active
neutron-linuxbridge-agent:              active
== Support services ==
mariadb:                                active
dbus:                                   active
rabbitmq-server:                        active
memcached:                              active
== Keystone users ==
+----------------------------------+-----------+
| ID                               | Name      |
+----------------------------------+-----------+
| 1697cb80fbed4140bbde5cf1f2fcafc1 | admin     |
| 1a77bd31ec4744bf82fab8fcff5fa561 | nova      |
| b316501ef28c4b28a44c64e65315ef83 | glance    |
| d979c3d5c3e44d6bac0225361907eff3 | placement |
| dd785cc29b9a4db8bdded1cb8ff056cc | demo      |
| f23bc457da1b44bb86712308af8e52b9 | neutron   |
+----------------------------------+-----------+
== Glance images ==
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| 8a830f40-8837-4efb-a8e4-550c85bfa9c8 | cirros |
+--------------------------------------+--------+
== Nova managed services ==
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id                                   | Binary           | Host       | Zone     | Status  | State | Updated_at                 | Disabled Reason | Forced down |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| b4331f58-93ac-4310-9af5-c7ed14ac7931 | nova-conductor   | controller | internal | enabled | up    | 2017-12-01T07:20:49.000000 | -               | False       |
| 98a118aa-28ce-45bd-b468-f5a4862be5e3 | nova-consoleauth | controller | internal | enabled | up    | 2017-12-01T07:20:51.000000 | -               | False       |
| 5801fdd3-864d-4d46-b7c5-fac6b32a6687 | nova-scheduler   | controller | internal | enabled | up    | 2017-12-01T07:20:50.000000 | -               | False       |
| 4e43a928-879c-46d5-a045-6aa8a705c363 | nova-compute     | compute    | nova     | enabled | up    | 2017-12-01T07:20:48.000000 | -               | False       |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
== Nova networks ==
usage: nova [--version] [--debug] [--os-cache] [--timings]
            [--os-region-name <region-name>] [--service-type <service-type>]
            [--service-name <service-name>]
            [--os-endpoint-type <endpoint-type>]
            [--os-compute-api-version <compute-api-ver>]
            [--endpoint-override <bypass-url>] [--profile HMAC_KEY]
            [--insecure] [--os-cacert <ca-certificate>]
            [--os-cert <certificate>] [--os-key <key>] [--timeout <seconds>]
            [--os-auth-type <name>] [--os-auth-url OS_AUTH_URL]
            [--os-domain-id OS_DOMAIN_ID] [--os-domain-name OS_DOMAIN_NAME]
            [--os-project-id OS_PROJECT_ID]
            [--os-project-name OS_PROJECT_NAME]
            [--os-project-domain-id OS_PROJECT_DOMAIN_ID]
            [--os-project-domain-name OS_PROJECT_DOMAIN_NAME]
            [--os-trust-id OS_TRUST_ID]
            [--os-default-domain-id OS_DEFAULT_DOMAIN_ID]
            [--os-default-domain-name OS_DEFAULT_DOMAIN_NAME]
            [--os-user-id OS_USER_ID] [--os-username OS_USERNAME]
            [--os-user-domain-id OS_USER_DOMAIN_ID]
            [--os-user-domain-name OS_USER_DOMAIN_NAME]
            [--os-password OS_PASSWORD]
            <subcommand> ...
error: argument <subcommand>: invalid choice: u'network-list'
Try 'nova help ' for more information.
== Nova instance flavors ==
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
+----+------+-----------+------+-----------+------+-------+-------------+-----------+
== Nova instances ==
+----+------+-----------+--------+------------+-------------+----------+
| ID | Name | Tenant ID | Status | Task State | Power State | Networks |
+----+------+-----------+--------+------------+-------------+----------+
+----+------+-----------+--------+------------+-------------+----------+
[root@controller ~]#

 

SELinux setting (needs verification)

[root@controller ~]# setsebool -P httpd_can_network_connect on

 

 

The Domain field is not shown.

// This seems to be caused by OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True; needs testing!

With iptables disabled, the Domain field is shown normally.

 

Domain : default

User Name : admin

Password : ADMIN_PASS

 

After logging in

 

Block Storage service Cinder 

 

If there is a separate storage node, the work must be done on that node.

The test setup consists of a controller node and a compute node; everything except nova-compute was tested on the controller node.

https://docs.openstack.org/ocata/ko_KR/install-guide-rdo/cinder.html

https://docs.openstack.org/cinder/pike/install/

 

Work on the controller node

 

Create the cinder database and database user

 

[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE cinder;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
       IDENTIFIED BY 'CINDER_DBPASS';

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
       IDENTIFIED BY 'CINDER_DBPASS';

MariaDB [(none)]> flush privileges;

MariaDB [(none)]> quit;
Bye
[root@controller ~]#

 

Create the OpenStack cinder user; enter CINDER_PASS at the prompt

[root@controller ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 64384bdac78b4188a0eebd245015cb72 |
| name                | cinder                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]#

 

Add the admin role

[root@controller ~]# openstack role add --project service --user cinder admin

 

Create the cinderv2 / cinderv3 service entities

[root@controller ~]# openstack service create --name cinderv2 \
   --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 063e877108da473a9100a2720bd60aa7 |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
[root@controller ~]# openstack service create --name cinderv3 \
   --description "OpenStack Block Storage" volumev3

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 69309bb71f9641d69ba1f02619640b44 |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+
[root@controller ~]#

 

Create the Block Storage service API endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \
   volumev2 public http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 549a0aaedc01449d8cd5c32ecc99417b         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 063e877108da473a9100a2720bd60aa7         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
   volumev2 internal http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 71d6d8fc61c248e98a658a04c52e4053         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 063e877108da473a9100a2720bd60aa7         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
   volumev2 admin http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 5df1ebc0ff964941ba20ce9741bb54fa         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 063e877108da473a9100a2720bd60aa7         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]#


 

[root@controller ~]# openstack endpoint create --region RegionOne \
   volumev3 public http://controller:8776/v3/%\(project_id\)s

+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | feb6fadb6f3c44328cb1e21b9a95cf8c         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 69309bb71f9641d69ba1f02619640b44         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
   volumev3 internal http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | f75311f0f96243a3b9dad05f624aabad         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 69309bb71f9641d69ba1f02619640b44         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
   volumev3 admin http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 389f36c141ba4b08b7699e164610aba4         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 69309bb71f9641d69ba1f02619640b44         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]#


 

Install openstack-cinder

[root@controller ~]# yum install -y openstack-cinder

 

Edit cinder.conf

[root@controller ~]# vi /etc/cinder/cinder.conf

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 40.0.0.101


[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS


[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

 

Populate the Block Storage database

[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder

The message Option “logdir” from group “DEFAULT” is deprecated. Use option “log-dir” from group “DEFAULT” is printed. Change the logdir option to log-dir? (to be tested later)

 

Edit nova.conf

[root@controller ~]# vi /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne

 

Restart the Compute API service

[root@controller ~]# systemctl restart openstack-nova-api

 

Enable and start the Block Storage services

[root@controller ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
[root@controller ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

 

The cinder local volume still needs to be verified

[root@controller ~]# openstack volume service list
+------------------+------------+------+---------+-------+----------------------------+
| Binary           | Host       | Zone | Status  | State | Updated At                 |
+------------------+------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller | nova | enabled | up    | 2017-11-30T09:01:45.000000 |
+------------------+------------+------+---------+-------+----------------------------+
[root@controller ~]#

 

Work after adding a separate disk for cinder images to the cinder node

Reference pages: https://docs.openstack.org/ocata/ko_KR/install-guide-rdo/cinder-storage-install.html

https://docs.openstack.org/cinder/pike/install/cinder-storage-install-rdo.html

 

Notes for configuring a separate storage node

If Cinder is configured on the controller node, skip the steps below.

Work on the cinder node

A storage node requires additional work: using iSCSI and configuring LVM.

 

Install LVM

[root@cinder ~]# yum install -y lvm2

 

Enable and start LVM

[root@cinder ~]# systemctl enable lvm2-lvmetad.service
[root@cinder ~]# systemctl start lvm2-lvmetad.service

 

Check the disk information on the controller system

[root@cinder ~]# fdisk -l

Disk /dev/vda: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0009fed1

   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048     4196351     2097152   83  Linux
/dev/vda2         4196352    12584959     4194304   82  Linux swap / Solaris
/dev/vda3        12584960   209715199    98565120   83  Linux

Disk /dev/vdb: 53.7 GB, 53687091200 bytes, 104857600 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

[root@cinder ~]# 

The added disk is /dev/vdb

 

Create the PV

[root@cinder ~]# pvcreate /dev/vdb
  Physical volume "/dev/vdb" successfully created.
[root@cinder ~]# 

 

Create the cinder-volumes VG

[root@cinder ~]# vgcreate cinder-volumes /dev/vdb
  Volume group "cinder-volumes" successfully created
[root@cinder ~]# 

 

Edit the LVM filter in lvm.conf

[root@cinder ~]# vi /etc/lvm/lvm.conf
        # Cinder Settings
        filter = [ "a/vdb/", "r|.*/|" ]

If the operating system disk also uses LVM, that device must be added to the filter as well. On the test machine the OS disk is a regular volume.

 

lvmdiskscan output before setting the filter

[root@cinder ~]# lvmdiskscan
  /dev/vda1 [       2.00 GiB]
  /dev/vda2 [       4.00 GiB]
  /dev/vda3 [     <94.00 GiB]
  /dev/vdb  [      50.00 GiB] LVM physical volume
  0 disks
  3 partitions
  1 LVM physical volume whole disk
  0 LVM physical volumes
[root@cinder ~]# 

 

After setting the filter

[root@cinder ~]# lvmdiskscan
  /dev/vdb [      50.00 GiB] LVM physical volume
  0 disks
  0 partitions
  1 LVM physical volume whole disk
  0 LVM physical volumes
[root@cinder ~]# 
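The before/after lvmdiskscan results above follow from how LVM evaluates the filter list: entries are tried in order and the first matching one decides. The added example below is not from the original post or from LVM itself; it models that rule in Python for the devices listed on this page. It assumes one path per device and that Python's regex syntax is close enough to LVM's for these patterns; /dev/vdb1 and the anchored filter are constructed for illustration.

```python
import re


def parse_filter(filter_items):
    """Turn LVM filter strings such as 'a/vdb/' or 'r|.*/|' into rules.

    Each entry is: action ('a' accept / 'r' reject), a delimiter character,
    the regex, and the same delimiter again.
    """
    rules = []
    for item in filter_items:
        if len(item) < 3 or item[0] not in "ar" or item[-1] != item[1]:
            raise ValueError("invalid filter entry: %r" % (item,))
        rules.append((item[0], re.compile(item[2:-1])))
    return rules


def decide(device_path, rules):
    """First matching rule wins; a device that matches no rule is accepted."""
    for action, regex in rules:
        if regex.search(device_path):      # patterns are unanchored
            return action == "a"
    return True


def visible(filter_items, devices):
    """Devices LVM would still scan with the given filter."""
    rules = parse_filter(filter_items)
    return [d for d in devices if decide(d, rules)]


# Block devices shown in the lvmdiskscan output on this page.
PAGE_DEVICES = ["/dev/vda1", "/dev/vda2", "/dev/vda3", "/dev/vdb"]

# Filter from the page's lvm.conf.
PAGE_FILTER = ["a/vdb/", "r|.*/|"]

# Same entries in the opposite order: the reject-all rule now matches first.
REVERSED_FILTER = ["r|.*/|", "a/vdb/"]

# Constructed variant: anchored so only the whole disk /dev/vdb is accepted.
ANCHORED_FILTER = ["a|^/dev/vdb$|", "r|.*|"]


if __name__ == "__main__":
    print("no filter :", visible([], PAGE_DEVICES))
    print("page      :", visible(PAGE_FILTER, PAGE_DEVICES))
    print("reversed  :", visible(REVERSED_FILTER, PAGE_DEVICES))
    # The unanchored 'vdb' pattern also accepts partitions of that disk.
    print("vdb1 page     :", decide("/dev/vdb1", parse_filter(PAGE_FILTER)))
    print("vdb1 anchored :", decide("/dev/vdb1", parse_filter(ANCHORED_FILTER)))
```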

 

Install packages

[root@cinder ~]# yum install -y openstack-cinder targetcli python-keystone

 

Edit cinder.conf

[root@cinder ~]# vi /etc/cinder/cinder.conf
# my_ip is the management interface IP. Enter the controller node IP.

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 40.0.0.101
enabled_backends = lvm
glance_api_servers = http://controller:9292


[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder


[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS


# The [lvm] section does not exist by default; add it.
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm


[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
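Both cinder.conf listings on this page (controller and storage node) use the install guide's placeholder secrets (RABBIT_PASS, CINDER_DBPASS, CINDER_PASS) and plain http:// service URLs. The added example below is not part of the original post or of Cinder; it is a small check that parses such a file and reports both conditions. The finding labels and the placeholder pattern are this example's own assumptions.

```python
import configparser
import re
from urllib.parse import urlsplit

# The storage-node cinder.conf from this page, embedded so the check runs offline.
SAMPLE_CINDER_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 40.0.0.101
enabled_backends = lvm
glance_api_servers = http://controller:9292

[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
"""

# Assumption: install-guide placeholders look like SOMETHING_PASS / SOMETHING_DBPASS.
PLACEHOLDER = re.compile(r"^[A-Z0-9_]+_(DB)?PASS$")


def find_issues(conf_text):
    """Return (section, option, finding) tuples for a cinder.conf-style file."""
    # default_section is renamed so that [DEFAULT] is reported like any other
    # section instead of being merged into every section by configparser.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__"
    )
    parser.read_string(conf_text)

    issues = []
    for section in parser.sections():
        for option, value in parser.items(section):
            # Plain password options still holding a guide placeholder.
            if option.endswith("password") and PLACEHOLDER.match(value):
                issues.append((section, option, "placeholder-secret"))
            if "://" in value:
                parts = urlsplit(value)
                # Credentials embedded in a connection URL.
                if parts.password and PLACEHOLDER.match(parts.password):
                    issues.append((section, option, "placeholder-secret"))
                # Service URLs that carry tokens or data without TLS.
                if parts.scheme == "http":
                    issues.append((section, option, "cleartext-http"))
    return issues


if __name__ == "__main__":
    for section, option, finding in find_issues(SAMPLE_CINDER_CONF):
        print("[%s] %s: %s" % (section, option, finding))
```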

 

Enable and start the Cinder services

[root@cinder ~]# systemctl enable openstack-cinder-volume.service target.service
[root@cinder ~]# systemctl start openstack-cinder-volume.service target.service

 

 

-- Testing in progress

Change the provider network device from eth0 to eth1

On the controller node: set BOOTPROTO=none and comment out the network settings

[root@controller ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = provider:eth1
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
#IPADDR=192.168.122.101
#NETMASK=255.255.255.0
#GATEWAY=192.168.122.1
[root@controller ~]#
[root@controller ~]# init 6 

 

On the compute node: set BOOTPROTO=none and comment out the network settings

[root@compute ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = provider:eth1
[root@compute ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
#IPADDR=192.168.122.102
#NETMASK=255.255.255.0
#GATEWAY=192.168.122.1
[root@compute ~]# init 6

 

After rebooting the systems, check that neutron-linuxbridge-agent is running

controller node

[root@controller ~]# systemctl status neutron-linuxbridge-agent
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-12-01 08:50:02 KST; 5min ago
  Process: 795 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 829 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           ├─ 829 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --confi...
           ├─1378 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
           └─1379 /usr/bin/python2 /usr/bin/neutron-rootwrap-daemon /etc/neut...

Dec 01 08:50:02 controller systemd[1]: Starting OpenStack Neutron Linux Bri.....
Dec 01 08:50:02 controller neutron-enable-bridge-firewall.sh[795]: net.bridge...
Dec 01 08:50:02 controller neutron-enable-bridge-firewall.sh[795]: net.bridge...
Dec 01 08:50:02 controller systemd[1]: Started OpenStack Neutron Linux Brid...t.
Dec 01 08:50:06 controller neutron-linuxbridge-agent[829]: Guru meditation no...
Dec 01 08:50:22 controller sudo[1378]:  neutron : TTY=unknown ; PWD=/ ; USE...nf
Hint: Some lines were ellipsized, use -l to show in full.
[root@controller ~]#

compute node

[root@compute ~]#  systemctl status neutron-linuxbridge-agent
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-12-01 08:49:35 KST; 6min ago
  Process: 785 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 804 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           ├─804 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config...
           ├─963 sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
           └─964 /usr/bin/python2 /usr/bin/neutron-rootwrap-daemon /etc/neutr...

Dec 01 08:49:35 compute systemd[1]: Starting OpenStack Neutron Linux Bridge.....
Dec 01 08:49:35 compute neutron-enable-bridge-firewall.sh[785]: net.bridge.br...
Dec 01 08:49:35 compute neutron-enable-bridge-firewall.sh[785]: net.bridge.br...
Dec 01 08:49:35 compute systemd[1]: Started OpenStack Neutron Linux Bridge ...t.
Dec 01 08:49:36 compute neutron-linuxbridge-agent[804]: Guru meditation now r...
Dec 01 08:49:38 compute sudo[963]:  neutron : TTY=unknown ; PWD=/ ; USER=ro...nf
Hint: Some lines were ellipsized, use -l to show in full.
[root@compute ~]#

 

Installing vncserver on CentOS 7

TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), a client/server application that allows users to launch and interact with graphical applications on remote machines. TigerVNC provides the levels of performance necessary to run 3D and video applications, and it attempts to maintain a common look and feel and re-use components, where possible, across the various platforms that it supports. TigerVNC also provides extensions for advanced authentication methods and TLS encryption

Reference pages: https://www.itzgeek.com/how-tos/linux/centos-how-tos/configure-vnc-server-on-centos-7-rhel-7.html

https://www.ipentec.com/document/linux-centos-7-vncserver-tigervncserver-install

tigervnc viewer : https://github.com/TigerVNC/tigervnc/releases

 

Install tigervnc-server

[root@centos74 ~]# yum install -y tigervnc-server

 

Copy the vncserver unit file

[root@centos74 ~]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

 

Edit the vncserver unit file

[root@centos74 ~]# vi /etc/systemd/system/vncserver@\:1.service
[Service]
Type=forking
User=<USER>

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=-/usr/bin/vncserver -kill %i
ExecStart=/usr/bin/vncserver %i
PIDFile=/home/<USER>/.vnc/%H%i.pid
ExecStop=-/usr/bin/vncserver -kill %i

 

After editing

[Service]
Type=forking

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

 

After editing the vncserver unit, reload the systemd configuration to apply the change.

[root@centos74 ~]# systemctl daemon-reload

 

Enable vncserver

[root@centos74 ~]# systemctl enable vncserver@:1.service
Created symlink from /etc/systemd/system/multi-user.target.wants/vncserver@:1.service to /etc/systemd/system/vncserver@:1.service.
[root@centos74 ~]#

 

Set the VNC user password

[root@centos74 ~]# vncserver

You will require a password to access your desktops.

Password:
Verify:
Would you like to enter a view-only password (y/n)? y
Password:
Verify:

New 'centos74:2 (root)' desktop is centos74:2

Creating default startup script /root/.vnc/xstartup
Creating default config /root/.vnc/config
Starting applications specified in /root/.vnc/xstartup
Log file is /root/.vnc/centos74:2.log

[root@centos74 ~]#

 

Configure the firewall.

[root@centos74 ~]#  firewall-cmd --permanent --zone=public --add-service vnc-server
success
[root@centos74 ~]# firewall-cmd --reload
success
[root@centos74 ~]#

 

Check that vncserver is running

[root@centos74 ~]# systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2017-11-29 09:04:27 KST; 30s ago
  Process: 1100 ExecStart=/usr/sbin/runuser -l root -c /usr/bin/vncserver %i (code=exited, status=0/SUCCESS)
  Process: 1082 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 1231 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
           ‣ 1231 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop centos74:1 (root) -fp catalogue:/etc/X11/fontpath...

Nov 29 09:04:24 centos74 systemd[1]: Starting Remote desktop service (VNC)...
Nov 29 09:04:27 centos74 systemd[1]: Started Remote desktop service (VNC).
[root@centos74 ~]#

 

 

The client can be downloaded from the TigerVNC site.

http://tigervnc.org/

 

Connecting to vncserver: the VNC port is 5901; in the VNC client you can enter 1 for convenience.

After entering the password, you can confirm the VNC connection.

 

If vnc-server does not work properly

Delete the *.log and *.pid files in the /root/.vnc directory.

Delete the files starting with X in the /tmp/.X11-unix directory, then restart.

ex)

[root@test-machine ~]# cd .vnc/
[root@test-machine .vnc]# rm -f test-machine\:6.*
[root@test-machine .vnc]# cd /tmp/
[root@test-machine tmp]# rm .X11-unix/ -rf

 

 

 

On CentOS, a desktop environment can be installed easily with yum groupinstall.

The runlevel used to be set in /etc/inittab, but on CentOS 7 it is set with systemctl set-default.

 

 

Install packages

[root@centos74 ~]# yum groupinstall "GNOME Desktop" -y

 

Check the runlevel, change it, then reboot the system

[root@centos74 ~]# systemctl get-default
multi-user.target
[root@centos74 ~]# systemctl set-default graphical.target
Removed symlink /etc/systemd/system/default.target.
Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/graphical.target.
[root@centos74 ~]#
[root@centos74 ~]# init 6

 

After installing GNOME Desktop on a minimal install, the following screen appears.

Press 1 to select License information.

Press 2 to select I accept the license agreement.

Press c to finish the setup.

 

 

 

 

VirtualBox is widely used, but you can also run a KVM server, create multiple VMs on it, and build a system infrastructure. Setting up a kvm-host and heterogeneous operating systems such as FreeBSD is straightforward.

You can also create a VM template and copy VMs from it with the virt-clone command.

More information about KVM is available at https://www.linux-kvm.org/page/Main_Page.

 

 

Update the system, then reboot.

[root@kvm-test ~]# yum update -y
[root@kvm-test ~]# init 6

 

Install KVM and the packages needed for X11 forwarding

[root@kvm-test ~]# yum install qemu-kvm qemu-img virt-manager virt-install libvirt libvirt-client -y
[root@kvm-test ~]# yum install xorg-x11-xauth xorg-x11-fonts-* xorg-x11-utils -y

 

Install other required packages

yum install -y tree git wget screen net-tools tcpdump nmap unzip bzip2 bind-utils ftp policycoreutils-python vim-common sysstat ntp

 

Configure tuned and reboot the system

[root@kvm-test ~]# tuned-adm profile virtual-host
[root@kvm-test ~]# init 6

 

When using MobaXterm, no separate X11 forwarding configuration is needed.

https://mobaxterm.mobatek.net/

 

After rebooting, verify with MobaXterm

On CentOS 7 / RHEL 7, because biosdevname is used, NIC device names are shown as ens and similar instead of ethX.

There is no need to change them, but occasionally it becomes necessary.

 

Check the NIC device

[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::3d0d:c304:ffd2:345d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a1:92:93  txqueuelen 1000  (Ethernet)
        RX packets 413  bytes 28643 (27.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 55  bytes 8462 (8.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]#

The check shows that the NIC device is named ens33.

 

Edit the grub file

Before

[root@localhost ~]# vi /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

 

After

[root@localhost ~]# vi /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet net.ifnames=0 biosdevname=0"
GRUB_DISABLE_RECOVERY="true"

Add net.ifnames=0 biosdevname=0 to GRUB_CMDLINE_LINUX

 

Run the grub2-mkconfig command

[root@localhost ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-24b6899878164e84bdd6ecc2468d59ff
Found initrd image: /boot/initramfs-0-rescue-24b6899878164e84bdd6ecc2468d59ff.img
done
[root@localhost ~]#

 

Check after rebooting the system

[root@localhost ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::991d:2916:bd16:7c3d  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:a1:92:93  txqueuelen 1000  (Ethernet)
        RX packets 188  bytes 14643 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49  bytes 7742 (7.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]#

 

In addition, /etc/sysconfig/network-scripts/ifcfg-ens33 must be renamed for eth0 and the settings inside it updated.
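The rename steps above (kernel arguments in /etc/default/grub, then the ifcfg file), as an added example that is not part of the original post: two idempotent shell functions that take the file paths as arguments so the change can be rehearsed on copies first. The ifcfg-ens33 content in make_sample is an assumed typical file, and interface names are limited to letters, digits, _ and - in this example.

```shell
#!/bin/sh
# Added example (not from the original post): the eth0 rename steps as
# idempotent functions. File paths are arguments, so the change can be
# rehearsed on copies before it is applied under /etc.

# add_kernel_args FILE ARG...
# Append each ARG to GRUB_CMDLINE_LINUX in FILE unless it is already present.
add_kernel_args() {
    grub_file=$1; shift
    # Refuse to edit unless there is exactly one double-quoted
    # GRUB_CMDLINE_LINUX line; guessing could drop existing boot arguments.
    if [ "$(grep -c '^GRUB_CMDLINE_LINUX=".*"[[:space:]]*$' "$grub_file" 2>/dev/null)" != 1 ]; then
        echo "no single double-quoted GRUB_CMDLINE_LINUX in $grub_file" >&2
        return 1
    fi
    cmdline_old=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"[[:space:]]*$/\1/p' "$grub_file")
    cmdline_new=$cmdline_old
    for arg in "$@"; do
        case " $cmdline_new " in
            *" $arg "*) ;;                                   # already present
            *) cmdline_new="${cmdline_new:+$cmdline_new }$arg" ;;
        esac
    done
    if [ "$cmdline_new" = "$cmdline_old" ]; then
        return 0                                             # nothing to change
    fi
    cp -p "$grub_file" "$grub_file.bak"                      # rollback copy
    # Rewrite only the GRUB_CMDLINE_LINUX line; every other line is copied.
    CMDLINE_NEW=$cmdline_new awk '
        /^GRUB_CMDLINE_LINUX="/ { print "GRUB_CMDLINE_LINUX=\"" ENVIRON["CMDLINE_NEW"] "\""; next }
        { print }
    ' "$grub_file.bak" > "$grub_file"
}

# rename_ifcfg DIR OLD NEW
# Rename DIR/ifcfg-OLD to DIR/ifcfg-NEW and rewrite its NAME= and DEVICE= lines.
rename_ifcfg() {
    cfg_dir=$1; if_old=$2; if_new=$3
    for name in "$if_old" "$if_new"; do
        case $name in
            ''|*[!A-Za-z0-9_-]*) echo "unsupported interface name: $name" >&2; return 1 ;;
        esac
    done
    src="$cfg_dir/ifcfg-$if_old"; dst="$cfg_dir/ifcfg-$if_new"
    if [ ! -f "$src" ]; then echo "$src not found" >&2; return 1; fi
    if [ -e "$dst" ]; then echo "$dst already exists" >&2; return 1; fi
    tmp=$(mktemp) || return 1
    # Match quoted and unquoted values; IP settings, UUID, HWADDR stay as they are.
    sed -e "s/^NAME=\"\{0,1\}$if_old\"\{0,1\}[[:space:]]*\$/NAME=$if_new/" \
        -e "s/^DEVICE=\"\{0,1\}$if_old\"\{0,1\}[[:space:]]*\$/DEVICE=$if_new/" \
        "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$src" "$dst"        # same inode: owner, mode and SELinux label are kept
    cat "$tmp" > "$dst"
    rm -f "$tmp"
}

# make_sample DIR: constructed test data. The grub file is the "before"
# listing from the post; the ifcfg-ens33 content is an assumed typical file.
make_sample() {
    cat > "$1/grub" <<'EOF'
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
EOF
    cat > "$1/ifcfg-ens33" <<'EOF'
TYPE=Ethernet
BOOTPROTO=none
NAME="ens33"
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.0.10
PREFIX=24
EOF
}

# Rehearsal on constructed copies: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then
    work=$(mktemp -d)
    make_sample "$work"
    add_kernel_args "$work/grub" net.ifnames=0 biosdevname=0
    rename_ifcfg "$work" ens33 eth0
    grep '^GRUB_CMDLINE_LINUX=' "$work/grub"
    cat "$work/ifcfg-eth0"
    rm -rf "$work"
fi
```

After the functions have been applied to /etc/default/grub and /etc/sysconfig/network-scripts, grub2-mkconfig and a reboot are still required, as in the post.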

 

 

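CentOS installation

Booting from the DVD image brings up the initial installation screen.

The DVD image is also used for recovery when the OS fails. For installation, select Install CentOS 7.

Select the installation language

Choose the language to use. On a desktop you would probably pick Korean, but in a server environment it is more convenient to keep the default selection, English.

Select English and click Continue.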

 

INSTALLATION SUMMARY

The following items can be configured.

LOCALIZATION

DATE & TIME: sets the time zone used by the system.

KEYBOARD: selects the keyboard used by the system.

LANGUAGE SUPPORT: sets the languages used by the system.

SOFTWARE

INSTALLATION SOURCE: selects the installation media; you can install over the network or from CD-ROM.

SOFTWARE SELECTION: selects the packages to install with the OS.

SYSTEM

INSTALLATION DESTINATION: partitions the hard disk the OS will be installed on.

KDUMP: with KDUMP configured, an OS dump can be written when the OS fails.

NETWORK & HOSTNAME: sets the IP address and the system hostname.

SECURITY POLICY: configures system security settings.

 

Click DATE & TIME to change the time zone. Change it to Asia Seoul and click Done.

Under SYSTEM, select INSTALLATION DESTINATION.

Under Other Storage Options, Partitioning is set to "Automatically configure partitioning."

Change it to "I will configure partitioning." and click Done.

 

MANUAL PARTITIONING (manual partition setup)

For the OS area

It depends on how the system is used, but /boot is generally set up as a Standard Partition rather than LVM.

/boot 2G (kernel upgrades increase the space used in /boot. Up to CentOS 5 about 512M was used, but 2G to 4G seems appropriate for CentOS 7.)

swap (about 1x the memory size up to 16G; from 32G, only about half the memory size.) Adjust this according to the intended use.

Details on swap sizing are on the Red Hat site: https://access.redhat.com/ko/node/744483

/   (if /usr, /home, /var and /tmp are not given separate partitions, this can be set to the full size of the hard disk.)

/home (the regular users' directory; set it larger when there are many users.)

/var (the default directory for logs and DB data. Set a large size on systems that store a lot of logs.)

In general it is enough to configure /boot, swap, /, /home and /var; general data outside the OS area is stored on volumes added through NFS, SAN and the like.

When KDUMP is used, /var/crash must be configured, generally at about 1.5 times the memory size.

 

Under "Create new mount points by clicking the + button. New mount points will use the following partitioning scheme:", select Standard Partition.

Click the + button to add a partition.

Create the /boot partition

Create a 2G partition for the /boot directory.

Click Add mount point.

Mount Point: the path

Desired Capacity: the size

Click Add mount point to create the boot partition.

 

Create the swap partition

swap does not need a separate mount point.

Mount Point: swap

Desired Capacity: set to 4G.

Click Add mount point to create the swap partition.

 

Create the / partition

Mount Point: /

Desired Capacity: if no size is given, the maximum capacity of the hard disk is used.

Click Add mount point to create the / partition.

Partitioning is complete.

Click Done.

 

SUMMARY OF CHANGES

Click Accept Changes.

 

INSTALLATION SUMMARY

You are back at the first configuration screen. Additional package installation, NETWORK configuration, hostname changes and similar work can be done later.

Click Begin Installation to start the installation.

 

CONFIGURATION

After you click Begin Installation, the disk is partitioned and the selected packages are installed.

Under USER SETTINGS you can set the ROOT PASSWORD and do USER CREATION.

Select ROOT PASSWORD to set the administrator password.

ROOT PASSWORD (administrator password)

Enter the root password and click Done to set the administrator password.

The OS installation is complete. Click Reboot to finish the installation.

 

 

 

 

 

 

 

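Docker can also be used on FreeBSD.

However, only bringing an OS container up and down works properly.

I tested attaching a volume for mariadb, but it did not work.

Treat this strictly as an experiment.

The ZFS file system is required, and the test was done on a FreeBSD 11 VM.

The test VM used ZFS from the OS installation onward.

If you use the UFS file system, add a separate partition, create a ZFS file system on it, and work there.

Reference page: https://wiki.freebsd.org/Docker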

 

Docker installation

root@bsd11:~ # pkg install docker-freebsd ca_root_nss

 

Message after installation

Message from docker-freebsd-20150625_1:
Docker requires a bit of setup before usage.

You will need to create a ZFS dataset on /usr/docker

# zfs create -o mountpoint=/usr/docker <zroot>/docker

And lastly enable the docker daemon
# sysrc -f /etc/rc.conf docker_enable="YES"
# service docker start

(WARNING)

Starting the docker service will also add the following PF rule:

nat on ${iface} from 172.17.0.0/16 to any -> (${iface})

Where $iface is the default NIC on the system, or the value
of $docker_nat_iface. This is for network connectivity to docker
containers in this early port. This should not be needed in future
versions of docker.
Message from ca_root_nss-3.32.1:
********************************* WARNING *********************************

FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.

*********************************** NOTE **********************************

This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem

***************************************************************************
root@bsd11:~ #

 

 

Add the ZFS file system that docker will use.

root@bsd11:~ # zfs create -o mountpoint=/usr/docker zroot/docker
root@bsd11:~ # df -h
Filesystem            Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default     16G    788M     15G     5%    /
devfs                 1.0K    1.0K      0B   100%    /dev
zroot/tmp              15G     88K     15G     0%    /tmp
zroot/usr/home         15G    128K     15G     0%    /usr/home
zroot/usr/ports        16G    678M     15G     4%    /usr/ports
zroot/usr/src          16G    633M     15G     4%    /usr/src
zroot/var/audit        15G     88K     15G     0%    /var/audit
zroot/var/crash        15G     88K     15G     0%    /var/crash
zroot/var/log          15G    140K     15G     0%    /var/log
zroot/var/mail         15G     88K     15G     0%    /var/mail
zroot/var/tmp          15G     88K     15G     0%    /var/tmp
zroot                  15G     88K     15G     0%    /zroot
zroot/docker           15G     88K     15G     0%    /usr/docker

 

Edit /etc/rc.conf and start the docker service

root@bsd11:~ # sysrc -f /etc/rc.conf docker_enable="YES"
docker_enable:  -> YES
root@bsd11:~ # service docker start
Starting docker...
root@bsd11:~ #

 

Create the user who will run docker commands.

root@bsd11:~ # pw user add test -m -g wheel
root@bsd11:~ # passwd test
Changing local password for test
New Password:
Retype New Password:
root@bsd11:~ #

 

Add the user to the operator group.

root@bsd11:~ # pw usermod test -G operator

 

Work as the test user

root@bsd11:~ # su - test
To see the IP addresses currently set on your active interfaces, type
"ifconfig -u".
                -- Dru <genesis@istar.ca>
$

 

Change the shell from sh to csh by editing the Shell field.

For the password, enter the user's password.

$ chsh test
#Changing user information for test.
Shell: /bin/csh
Full Name: User &
Office Location:
Office Phone:
Home Phone:
Other information:

 

Check the Docker version

test@bsd11:~ % docker version
Client version: 1.7.0-dev
Client API version: 1.19
Go version (client): go1.9
Git commit (client): 582db78
OS/Arch (client): freebsd/amd64
Server version: 1.7.0-dev
Server API version: 1.19
Go version (server): go1.9
Git commit (server): 582db78
OS/Arch (server): freebsd/amd64
test@bsd11:~ %

 

docker image search 

test@bsd11:~ % docker search centos
NAME                               DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
centos                             The official build of CentOS.                   3831      [OK]
ansible/centos7-ansible            Ansible on Centos7                              103                  [OK]
jdeathe/centos-ssh                 CentOS-6 6.9 x86_64 / CentOS-7 7.4.1708 x8...   90                   [OK]
tutum/centos                       Simple CentOS docker image with SSH access      33
imagine10255/centos6-lnmp-php56    centos6-lnmp-php56                              32                   [OK]
gluster/gluster-centos             Official GlusterFS Image [ CentOS-7 +  Glu...   21                   [OK]
kinogmt/centos-ssh                 CentOS with SSH                                 17                   [OK]
centos/mysql-57-centos7            MySQL 5.7 SQL database server                   15
openshift/base-centos7             A Centos7 derived base image for Source-To...   13
centos/python-35-centos7           Platform for building and running Python 3...   12
centos/php-56-centos7              Platform for building and running PHP 5.6 ...   10
openshift/jenkins-2-centos7        A Centos7 based Jenkins v2.x image for use...   6
openshift/mysql-55-centos7         DEPRECATED: A Centos7 based MySQL v5.5 ima...   6
darksheer/centos                   Base Centos Image -- Updated hourly             3                    [OK]
pivotaldata/centos-mingw           Using the mingw toolchain to cross-compile...   1
indigo/centos-maven                Vanilla CentOS 7 with Oracle Java Developm...   1                    [OK]
miko2u/centos6                     CentOS6 日本語環境                                   1                    [OK]
blacklabelops/centos               CentOS Base Image! Built and Updates Daily!     1                    [OK]
openshift/php-55-centos7           DEPRECATED: A Centos7 based PHP v5.5 image...   1
pivotaldata/centos-gpdb-dev        CentOS image for GPDB development. Tag nam...   1
smartentry/centos                  centos with smartentry                          0                    [OK]
openshift/wildfly-101-centos7      A Centos7 based WildFly v10.1 image for us...   0
pivotaldata/centos-gcc-toolchain   CentOS with a toolchain, but unaffiliated ...   0
pivotaldata/centos                 Base centos, freshened up a little with a ...   0
jameseckersall/sonarr-centos       Sonarr on CentOS 7                              0                    [OK]
test@bsd11:~ %

 

Docker Test

test@bsd11:~ % docker run -it ubuntu bash
root@:/# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.3 LTS"
root@:/#

 

Error messages

Volume attach failed

test@bsd11:~ % docker run -d --name mysql -v mysql:/db -e MYSQL_ROOT_PASSWORD=wordpress -e MYSQL_DATABASE=wordpress -e MYSQL_USER=wordpress -e MYSQL_PASSWORD=wordpress mysql:5.7
Error response from daemon: cannot bind mount volume: mysql volume paths must be absolute.
test@bsd11:~ %

 

mariadb failed to start

test@bsd11:~ % docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=true --name mariadb mariadb
b58d150e823f28c8a5db20aa41584340b6bc23bf7b854dd1f54958877c7c4d80
test@bsd11:~ % docker  ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
test@bsd11:~ % docker ps -a
CONTAINER ID        IMAGE               COMMAND                CREATED             STATUS                      PORTS               NAMES
b58d150e823f        mariadb             "docker-entrypoint.s   3 seconds ago       Exited (1) 2 seconds ago                        mariadb     
b84ca391ae79        mysql               "docker-entrypoint.s   58 seconds ago      Exited (1) 58 seconds ago                       mysql       
test@bsd11:~ %

 

Conclusion:

Experimental use only is recommended.

 

 

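This document covers installing gnome3, kde4 and xfce4 on FreeBSD.

Installation was done with pkg install, and testing was done in a VM environment.

You can also install from the ports collection, but because that takes a long time, pkg install was used here.

From the ports update through the xorg installation, up to just before installing gnome3, the setup is the same for gnome3 / kde4 / xfce4.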

 

 

Update ports

root@bsd11:~ # portsnap fetch
root@bsd11:~ # portsnap update
root@bsd11:~ # portsnap fetch update

 

Xorg reference page: https://www.freebsd.org/doc/handbook/x-understanding.html

 

Install xorg

root@bsd11:~ # pkg install xorg

 

Post-install message

================================================================================
You installed xterm with wide chars support. This introduces some limitations
comparing to the plain single chars version: this version of xterm will use
UTF-8 charset for selection buffers, breaking 8-bit copy/paste support unless
you are using UTF-8 or ISO8859-1 locale. If you want 8-bit charset selections to
work as before, use "eightBitSelectTypes" XTerm resource setting.

For further information refer to the SELECT/PASTE section of xterm(1) manual
page.
================================================================================

 

 

Add the user to the wheel group for 3D acceleration under X Window

root@bsd11:~ # pw user add user_name -m -g wheel
root@bsd11:~ # pw groupmod video -m user_name

 

Add boot loader settings

root@bsd11:~ # vi /boot/loader.conf
kern.vty=vt
kern.maxfiles="25000"

 

Install xorg-drivers (Xorg does not work properly if the drivers are not installed.)

root@bsd11:~ # pkg install xorg-drivers
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 5 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        xorg-drivers: 7.7_5
        xf86-video-vesa: 2.3.4_1
        xf86-video-scfb: 0.0.4_5
        xf86-input-mouse: 1.9.2_1
        xf86-input-keyboard: 1.9.0_1

Number of packages to be installed: 5

Proceed with this action? [y/N]: y
[1/5] Installing xf86-video-vesa-2.3.4_1...
[1/5] Extracting xf86-video-vesa-2.3.4_1: 100%
[2/5] Installing xf86-video-scfb-0.0.4_5...
[2/5] Extracting xf86-video-scfb-0.0.4_5: 100%
[3/5] Installing xf86-input-mouse-1.9.2_1...
[3/5] Extracting xf86-input-mouse-1.9.2_1: 100%
[4/5] Installing xf86-input-keyboard-1.9.0_1...
[4/5] Extracting xf86-input-keyboard-1.9.0_1: 100%
[5/5] Installing xorg-drivers-7.7_5...
root@bsd11:~ #

 

 

Install open-vm-tools (VMware only)

root@bsd11:~ # pkg install open-vm-tools
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 6 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        open-vm-tools: 10.1.10_4,2
        gtkmm24: 2.24.4_3
        xerces-c3: 3.2.0_2
        apache-xml-security-c: 1.7.3
        libdnet: 1.12_1
        libmspack: 0.5

Number of packages to be installed: 6

The process will require 36 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/6] Fetching open-vm-tools-10.1.10_4,2.txz: 100%  563 KiB 576.1kB/s    00:01
[2/6] Fetching gtkmm24-2.24.4_3.txz: 100%    1 MiB   1.3MB/s    00:01
[3/6] Fetching xerces-c3-3.2.0_2.txz: 100%    2 MiB   2.1MB/s    00:01
[4/6] Fetching apache-xml-security-c-1.7.3.txz: 100%  703 KiB 719.8kB/s    00:01
[5/6] Fetching libdnet-1.12_1.txz: 100%   64 KiB  65.6kB/s    00:01
[6/6] Fetching libmspack-0.5.txz: 100%   73 KiB  74.6kB/s    00:01
Checking integrity... done (0 conflicting)
[1/6] Installing xerces-c3-3.2.0_2...
[1/6] Extracting xerces-c3-3.2.0_2: 100%
[2/6] Installing gtkmm24-2.24.4_3...
[2/6] Extracting gtkmm24-2.24.4_3: 100%
[3/6] Installing apache-xml-security-c-1.7.3...
[3/6] Extracting apache-xml-security-c-1.7.3: 100%
[4/6] Installing libdnet-1.12_1...
[4/6] Extracting libdnet-1.12_1: 100%
[5/6] Installing libmspack-0.5...
[5/6] Extracting libmspack-0.5: 100%
[6/6] Installing open-vm-tools-10.1.10_4,2...
Extracting open-vm-tools-10.1.10_4,2: 100%
Loading vmmemctl kernel module: done.
vmware_guestd not running? (check /var/run/vmware_guestd.pid).
Starting vmware_guestd.
root@bsd11:~ #

 

/etc/rc.conf settings (VMware only)

root@bsd11:~ # vi /etc/rc.conf
# Vmware Settings
vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="YES"
vmware_guest_vmmemctl_enable="YES"
vmware_guest_vmxnet_enable="YES"
vmware_guestd_enable="YES"

 

Install xf86-video-vmware xf86-input-vmmouse (VMware only)

root@bsd11:~ # pkg install xf86-video-vmware xf86-input-vmmouse
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        xf86-video-vmware: 13.2.1_1
        xf86-input-vmmouse: 13.1.0_1

Number of packages to be installed: 2

34 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/2] Fetching xf86-video-vmware-13.2.1_1.txz: 100%   24 KiB  24.2kB/s    00:01 
[2/2] Fetching xf86-input-vmmouse-13.1.0_1.txz: 100%   10 KiB  10.5kB/s    00:01
Checking integrity... done (0 conflicting)
[1/2] Installing xf86-video-vmware-13.2.1_1...
[1/2] Extracting xf86-video-vmware-13.2.1_1: 100%
[2/2] Installing xf86-input-vmmouse-13.1.0_1...
Extracting xf86-input-vmmouse-13.1.0_1: 100%
root@bsd11:~ #

 

Reboot, then configure Xorg

root@bsd11:~ # init 6

 

Create the xorg.conf file

Xorg works without a custom configuration, but on VMware the mouse responsiveness is poor, so the file is edited separately.

root@bsd11:~ # Xorg -configure

X.Org X Server 1.18.4
Release Date: 2016-07-19
X Protocol Version 11, Revision 0
Build Operating System: FreeBSD 11.0-RELEASE-p15 amd64
Current Operating System: FreeBSD bsd11 11.1-RELEASE FreeBSD 11.1-RELEASE #0 r321309: Fri Jul 21 02:08:28 UTC 2017     root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
Build Date: 16 November 2017  09:17:14AM

Current version of pixman: 0.34.0
        Before reporting problems, check http://wiki.x.org
        to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
        (++) from command line, (!!) notice, (II) informational,
        (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sun Nov 26 03:20:57 2017
List of video drivers:
        vmware
        vesa
        modesetting
        scfb
scfb trace: probe start
(++) Using config file: "/root/xorg.conf.new"
(==) Using system config directory "/usr/local/share/X11/xorg.conf.d"


Xorg detected your mouse at device /dev/sysmouse.
Please check your config if the mouse is still not
operational, as by default Xorg tries to autodetect
the protocol.

Your xorg.conf file is /root/xorg.conf.new

 

Copy the xorg.conf.new file

root@bsd11:~ # cp xorg.conf.new /usr/local/etc/X11/xorg.conf.d/xorg.conf

 

Configure the xorg.conf file

root@bsd11:~ # vi /usr/local/etc/X11/xorg.conf.d/xorg.conf
Section "ServerLayout"
        Identifier     "X.org Configured"
        Screen      0  "Screen0" 0 0
        InputDevice    "Mouse0" "CorePointer"
        InputDevice    "Keyboard0" "CoreKeyboard"
        Option          "AutoAddDevices" "Off"
EndSection

Section "Files"
        ModulePath   "/usr/local/lib/xorg/modules"
        FontPath     "/usr/local/share/fonts/misc/"
        FontPath     "/usr/local/share/fonts/TTF/"
        FontPath     "/usr/local/share/fonts/OTF/"
        FontPath     "/usr/local/share/fonts/Type1/"
        FontPath     "/usr/local/share/fonts/100dpi/"
        FontPath     "/usr/local/share/fonts/75dpi/"
EndSection

Section "Module"
        Load  "glx"
EndSection

Section "InputDevice"
        Identifier  "Keyboard0"
        Driver      "kbd"
EndSection

Section "InputDevice"
        Identifier  "Mouse0"
        Driver      "vmmouse"
        Option      "Protocol" "auto"
        Option      "Device" "/dev/sysmouse"
        Option      "ZAxisMapping" "4 5 6 7"
EndSection

 

In Section "ServerLayout", add the Option line to prevent devices from being added automatically.

 

In Section "InputDevice", change mouse to vmmouse.

 

 

 

Gnome3 install

Install it with the pkg command.

root@bsd11:~ # pkg install gnome3

 

Post-install message

===========================================================================

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py36-gdbm       databases/py36-gdbm
py36-sqlite3    databases/py36-sqlite3
py36-tkinter    x11-toolkits/py36-tkinter

===========================================================================
Message from xmlcatmgr-2.2_2:

The following catalogs are installed:

 1) /usr/local/share/sgml/catalog

   The top level catalog for SGML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 2) /usr/local/share/sgml/catalog.ports

   This catalog is for handling SGML stuff installed under
   /usr/local/share/sgml.  It is changed by ports/packages.

 3) /usr/local/share/xml/catalog

   The top level catalog for XML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 4) /usr/local/share/xml/catalog.ports

   This catalog is for handling XML stuff installed under
   /usr/local/share/xml.  It is changed by ports/packages.
Message from trousers-0.3.14_1:

To run tcsd automatically, add the following line to /etc/rc.conf:

tcsd_enable="YES"

You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
configuration in /etc/rc.conf:

tcsd_enable="YES"
tcsd_mode="emulator"
tpmd_enable="YES"

To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
Message from libinotify-20170711_1:

============================================================================

Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
   IN_MOVED_FROM
   IN_MOVED_TO

Open/close notifications:
   IN_OPEN
   IN_CLOSE_NOWRITE
   IN_CLOSE_WRITE

Symbolic Link notifications:
   IN_DONT_FOLLOW
   IN_ATTRIB
   IN_MOVE_SELF
   IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

=============================================================================
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.

If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:

    kern.maxfiles="25000"
=============================================================================
Message from gamin-0.1.10_9:

===============================================================================

Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
reboot the system:

    kern.maxfiles="25000"

The behavior of gamin can be controlled via the various gaminrc files.
See http://www.gnome.org/~veillard/gamin/config.html on how to create
these files.  In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10

===============================================================================

===>   NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libcdio-0.94:

===>   NOTICE:

The libcdio port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from samba44-4.4.16:

===============================================================================

How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/

===============================================================================
Message from webcamd-4.12.0.1:

*********************************************************************
1) webcamd requires the cuse4bsd(3) or cuse(3) kernel module, depending on
how webcamd was compiled. Please load this dependency by doing:

       # FreeBSD < 11.x, package from ports
       # kldload cuse4bsd
or
       # FreeBSD >= 11.x, part of default kernel build
       # kldload cuse

or by adding

       cuse4bsd_load="YES"
or
       cuse_load="YES"

to your /boot/loader.conf.

2) add webcamd_enable="YES"

to your /etc/rc.conf

3) Please restart devd to start webcamd

        # service devd restart

4) Optionally add a user to the "webcamd" group

        # pw groupmod webcamd -m <username>

5) If webcamd still did not start, consult the installed webcamd rc.d
script for more help and instructions on how to start webcamd.
*********************************************************************
Message from wv-1.2.9_4:

*******************************************************************

Some output formats (for example: DVI, PDF, and PS) require a LaTeX
implementation, such as print/teTeX, to be installed. Text output
will be of better quality if www/elinks, www/links, or www/lynx is
installed.

*******************************************************************

===>   NOTICE:

The wv port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from raptor-1.4.21_6:

===>   NOTICE:

The raptor port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libcdio-paranoia-10.2+0.94+1:

===>   NOTICE:

The libcdio-paranoia port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from fusefs-libs-2.9.5:

Install the fuse kernel module to use this port.
Message from ibus-1.5.14_3:

-------------------------------------------------------------------
ibus installation finished. To use ibus, please do the following:

If you are using bash, please add following lines to your $HOME/.bashrc:

export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

If you are using tcsh, please add following lines to your $HOME/.cshrc:

setenv XIM ibus
setenv GTK_IM_MODULE ibus
setenv QT_IM_MODULE xim
setenv XMODIFIERS @im=ibus
setenv XIM_PROGRAM ibus-daemon
setenv XIM_ARGS "--daemonize --xim"

If you are using KDE4, you may create a shell script in $HOME/.kde4/env,
and add following lines:

#!/bin/sh
export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

Following input methods/engines are available in ports:

chinese/ibus-chewing            Chewing engine for IBus
chinese/ibus-libpinyin          Intelligent Pinyin engine based on libpinyin
chinese/ibus-pinyin             The PinYin input method
japanese/ibus-anthy             Anthy engine for IBus
japanese/ibus-mozc              Mozc engine for IBus
japanese/ibus-skk               SKK engine for IBus
korean/ibus-hangul              Hangul engine for IBus
textproc/ibus-kmfl              KMFL IMEngine for IBus framework
textproc/ibus-table             Table based IM framework for IBus
textproc/ibus-typing-booster    Faster typing by context sensitive completion

and QT4 input method module, textproc/ibus-qt.

If ibus cannot start or the panel does not appear, please ensure
that you are using up-to-date python.
-------------------------------------------------------------------
Message from pulseaudio-11.0_1:

Pulseaudio tries to determine default values for FreeBSD OSS driver at first
start, based on /dev/sndstat output. The hw.snd.default_unit sysctl may affect
these values, but restart of the Pulseaudio might be needed to rescan it again,
e.g. `pacmd exit`.

Pulseaudio has separate input and output configure lines. You can change them
with using following commands:

To change the default sink (output):
# pacmd set-default-sink 3
To change the default source (input):
# pacmd set-default-source 3

This can also be set in /usr/local/etc/pulse/default.pa

Replace the number '3' with the new default you want to set.


The audio/freedesktop-sound-theme is needed if the default sound files
are uncommented in the /usr/local/etc/pulse/default.pa file.
Message from glew-1.13.0_1:

===>   NOTICE:

The glew port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from freeglut-3.0.0_1:

Joystick support is untested and it is unknown if it works.

Do not hesitate to contact x11@FreeBSD.org if this causes issues.
Message from ghostscript9-agpl-base-9.16_5:

Note: in order to use the script "dvipdf", dvips must be installed.
This program is provided by another package print/tex-dvipsk.

FAPIfontmap and FAPIcidfmap in /usr/local/share/ghostscript/9.16/Resource/Init
have to be configured if you want to use FAPI feature.
Message from schroedinger-1.0.11_4:

===>   NOTICE:

The schroedinger port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from opencv-core-2.4.13.1_1:

===>   NOTICE:

The opencv-core port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from aalib-1.4.r5_11:

===>   NOTICE:

The aalib port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from portaudio-19.20140130_6:

===>   NOTICE:

The portaudio port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from cheese-3.18.1_2:

For cheese to work, webcamd needs to be running and the user which wants
to run cheese needs to be added to the webcamd group.

This can be done by:

# pw groupmod webcamd -m jerry
Message from libgtop-2.32.0:

===============================================================================

In order to use the File System read/write monitor, you must chmod
/dev/devstat so that all users can open it read-only.  For example:

# chmod 0444 /dev/devstat

In order for this to persist across reboots, add the following to
/etc/devfs.conf:

perm    devstat 0444

===============================================================================
Message from djvulibre-3.5.27_1:

===>   NOTICE:

The djvulibre port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from sdl-1.2.15_10,2:

------------------------------------------------------------------------------
 Your SDL library has been built with libvgl support, which means that you
 can run almost any SDL application straight on your console (VESA 2.0
 compatible videocard is required).

 To do this you have to load the vesa kernel module or enable it in your
 kernel, and set environment variable "SDL_VIDEODRIVER=vgl".
------------------------------------------------------------------------------

===>   NOTICE:

The sdl port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libdca-0.0.5_1:

===>   NOTICE:

The libdca port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from py36-setuptools-36.2.2:

*******************************************************************

  Only /usr/local/bin/easy_install-3.6 script has been installed
  since Python 3.6 is not the default Python version.

*******************************************************************
Message from dotconf-1.3_1:

===>   NOTICE:

The dotconf port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from cyrus-sasl-2.1.26_12:

You can use sasldb2 for authentication, to add users use:

        saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop.  If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port.  You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
Message from cdrtools-3.01_1:

===========================================================================

Note: The location of the cdrtools `defaults' files has been set to

        /usr/local/etc

This is the FreeBSD ports standard config file location, NOT the cdrtools
standard location, which is /etc/default.

The reason for this is that FreeBSD ports and packages should not use
configuration files outside of /usr/local.

===========================================================================
Message from spandsp-0.0.6:

===>   NOTICE:

The spandsp port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from boost-libs-1.65.1:

You have built the Boost library with thread support.

Don't forget to add -pthread to your linker options when
linking your code.
Message from unoconv-0.6:

===============================================================================

Universal Office Converter (unoconv) has been installed.

For Document conversions is needed that is LibreOffice or OpenOffice installed

editors/libreoffice

editors/openoffice*

===============================================================================
Message from gnome-shell-3.18.5_4:

Gnome-shell requires acceleration of to work. For this a nvidia card
with the nvidia-driver, or a Intel/ATI KMS enabled card is needed.

For the nvidia users no other changes are needed. For Intel/ATI KMS
driver the user needs to have read/write permissions on
/dev/dri/cardN (usually N=0). If gnome-shell is launched from gdm, the
gdm user also needs this access.

Access can be granted by adding the user(s) to the video group.

% pw groupmod video -m jerry

Additional for FreeBSD versions before FreeBSD 11.0-CURRENT revision
286524, and any FreeBSD 10.x version.

By using a devfs.rules(5) to change the mode of the /dev/dri/card0 on creation.

        add path 'dri/*' mode 0666 group video
Message from xterm-330:

================================================================================
You installed xterm with wide chars support. This introduces some limitations
comparing to the plain single chars version: this version of xterm will use
UTF-8 charset for selection buffers, breaking 8-bit copy/paste support unless
you are using UTF-8 or ISO8859-1 locale. If you want 8-bit charset selections to
work as before, use "eightBitSelectTypes" XTerm resource setting.

For further information refer to the SELECT/PASTE section of xterm(1) manual
page.
================================================================================
Message from gnome-keyring-3.18.3_4:

Gnome-keyring uses pinentry-gnome3 for gpg interactions, please add the
following line to your ~/.gnupg/gpg-agent.conf to enable the pinentry
dialog.

pinentry-program /usr/local/bin/pinentry-gnome3
Message from dvd+rw-tools-7.1_1:

===>   NOTICE:

The dvd+rw-tools port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from gdm-3.16.4_3:

GDM is installed.

Do _NOT_ use /etc/ttys to start gdm at boot time.  This will result in gdm
hanging or restarting constantly. Instead, add gdm_enable="YES" to
/etc/rc.conf. GDM will be started automatic on the next reboot.
Message from bitstream-vera-1.10_7:

IMPORTANT - READ CAREFULLY: Please read the COPYRIGHT included with these fonts
before using.  The copyright can be found at /usr/local/share/fonts/bitstream-vera/COPYRIGHT.TXT.  To
use these fonts, follow the instructions below.

Make sure that the freetype module is loaded.  If it is not, add the following
line to the "Modules" section of your X Windows configuration file:

        Load "freetype"

Add the following line to the "Files" section of X Windows configuration file:

        FontPath "/usr/local/share/fonts/bitstream-vera/"

Note: your X Windows configuration file is typically /etc/X11/xorg.conf
Message from gnome3-3.18.0:

**************************************************************************
Congratulations!  GNOME 3 has been successfully installed on your system.
For help on starting it up, as well as answers to common questions, and
some known issues, please see the FreeBSD GNOME homepage at:

                       http://www.FreeBSD.org/gnome/

**************************************************************************
root@bsd11:~ #

 

On FreeBSD, pkg prints each package's configuration notes once installation finishes.

To display only those post-install messages again later, use the command below.

ex) gnome3

root@bsd11:~ # pkg info -D -x gnome3
gnome3-3.18.0:
Always:
**************************************************************************
Congratulations!  GNOME 3 has been successfully installed on your system.
For help on starting it up, as well as answers to common questions, and
some known issues, please see the FreeBSD GNOME homepage at:

                       http://www.FreeBSD.org/gnome/

**************************************************************************

pinentry-gnome3-1.0.0:
root@bsd11:~ #

 

ex) ibus

root@bsd11:~ # pkg info -D -x ibus
ibus-1.5.14_3:
Always:
-------------------------------------------------------------------
ibus installation finished. To use ibus, please do the following:

If you are using bash, please add following lines to your $HOME/.bashrc:

export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

If you are using tcsh, please add following lines to your $HOME/.cshrc:

setenv XIM ibus
setenv GTK_IM_MODULE ibus
setenv QT_IM_MODULE xim
setenv XMODIFIERS @im=ibus
setenv XIM_PROGRAM ibus-daemon
setenv XIM_ARGS "--daemonize --xim"

If you are using KDE4, you may create a shell script in $HOME/.kde4/env,
and add following lines:

#!/bin/sh
export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

Following input methods/engines are available in ports:

chinese/ibus-chewing            Chewing engine for IBus
chinese/ibus-libpinyin          Intelligent Pinyin engine based on libpinyin
chinese/ibus-pinyin             The PinYin input method
japanese/ibus-anthy             Anthy engine for IBus
japanese/ibus-mozc              Mozc engine for IBus
japanese/ibus-skk               SKK engine for IBus
korean/ibus-hangul              Hangul engine for IBus
textproc/ibus-kmfl              KMFL IMEngine for IBus framework
textproc/ibus-table             Table based IM framework for IBus
textproc/ibus-typing-booster    Faster typing by context sensitive completion

and QT4 input method module, textproc/ibus-qt.

If ibus cannot start or the panel does not appear, please ensure
that you are using up-to-date python.
-------------------------------------------------------------------

root@bsd11:~ #

 

The same text can also be found in the port's directory (when installing from Ports):

pkg-message file

Judging from the messages printed after installation, about two settings appear to be needed.

These are the libinotify and ibus settings; GNOME 3 itself is configured following the FreeBSD Handbook.

libinotify settings

root@bsd11:~ # vi /boot/loader.conf
kern.vty=vt
kern.maxfiles="25000"

 

ibus settings

When using the C shell (the same applies to tcsh)

root@bsd11:~ # vi .cshrc
setenv XIM ibus
setenv GTK_IM_MODULE ibus
setenv QT_IM_MODULE xim
setenv XMODIFIERS @im=ibus
setenv XIM_PROGRAM ibus-daemon
setenv XIM_ARGS "--daemonize --xim"

 

When using bash

root@bsd11:~ # vi .bashrc
export XIM=ibus
export GTK_IM_MODULE=ibus
export QT_IM_MODULE=xim
export XMODIFIERS=@im=ibus
export XIM_PROGRAM="ibus-daemon"
export XIM_ARGS="--daemonize --xim"

 

 

See the FreeBSD Handbook: https://www.freebsd.org/doc/handbook/x11-wm.html

Add the proc filesystem

root@bsd11:~ # vi /etc/fstab
proc        /proc               procfs  rw      0       0

 

Startup settings in /etc/rc.conf

root@bsd11:~ # vi /etc/rc.conf
# Gnome Settings
dbus_enable="YES"
hald_enable="YES"
gdm_enable="YES"
gnome_enable="YES"
moused_enable="YES"

 

Create the .xsession file (when gdm_enable is set, GNOME 3 starts automatically.)

root@bsd11:~ # echo "exec /usr/local/bin/gnome-session" > ~/.xsession
root@bsd11:~ # chmod +x .xsession

After the system reboots, the GNOME 3 login screen appears.

 

Edit the user name with chsh and verify

root@bsd11:~ # su - test
Need to quickly return to your home directory? Type "cd".
                -- Dru <genesis@istar.ca>
$ chsh test

#Changing user information for test.
Shell: /bin/sh
Full Name: User &
Office Location:
Office Phone:
Home Phone:
Other information:

Change Full Name from "User &" to the user name.

ex) test

Verify after rebooting.

Alternative: disable the GNOME user list

Because the "User &" entry is distracting, disable the GNOME user list instead.

Configuration (the file does not exist, so create it.)

root@bsd11:~ # vi /usr/local/etc/dconf/profile/gdm

user-db:user
system-db:gdm
file-db:/usr/share/gdm/greeter-dconf-defaults

root@bsd11:~ # mkdir /usr/local/etc/dconf/db/gdm.d
root@bsd11:~ # vi /usr/local/etc/dconf/db/gdm.d/00-login-screen
[org/gnome/login-screen]
# Do not show the user list
disable-user-list=true


root@bsd11:~ # dconf update
root@bsd11:~ #
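
Before rebooting, the override can be checked from the shell; hiding the list also keeps local account names off the login screen. The script below is an added example, not part of the original post: it verifies the profile line, the keyfile value and that `dconf update` has been run since the last keyfile change. The function names and the sample tree built by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the GDM "disable-user-list" dconf override.
GROUP='org/gnome/login-screen'
KEY='disable-user-list'

# keyfile_get FILE: print the value of $KEY inside [$GROUP], or nothing if unset.
keyfile_get() {
    awk -v group="[$GROUP]" -v key="$KEY" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^#/ || /^$/ { next }                           # comments and blanks
        /^\[/ { in_group = ($0 == group); next }        # group header
        in_group {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); sub(/[ \t]+$/, "", k)
            v = substr($0, eq + 1);    sub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_gdm_userlist [DCONF_DIR]: print findings, return the number of problems.
# The default directory is the one used on this page.
check_gdm_userlist() {
    dir=${1:-/usr/local/etc/dconf}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # 1. The gdm profile must pull in the system database named "gdm".
    if ! grep -qx 'system-db:gdm' "$dir/profile/gdm" 2>/dev/null; then
        fail "$dir/profile/gdm lacks the line system-db:gdm"
    fi

    # 2. Keyfiles must be regular files in db/gdm.d. Rather than rely on
    #    precedence between files, require one "true" and no other value.
    found=no
    for f in "$dir"/db/gdm.d/*; do
        [ -e "$f" ] || continue
        if [ ! -f "$f" ]; then
            fail "$f is not a regular file, so it cannot be a keyfile"
            continue
        fi
        val=$(keyfile_get "$f")
        case $val in
            '')   ;;
            true) found=yes ;;
            *)    fail "$f sets $KEY=$val" ;;
        esac
    done
    [ "$found" = yes ] || fail "no keyfile sets $KEY=true in [$GROUP]"

    # 3. "dconf update" compiles db/gdm.d into the binary db/gdm; it must
    #    exist and must not be older than any keyfile.
    if [ ! -f "$dir/db/gdm" ]; then
        fail "$dir/db/gdm is missing: run dconf update"
    elif [ -n "$(find "$dir/db/gdm.d" -type f -newer "$dir/db/gdm" 2>/dev/null)" ]; then
        fail "$dir/db/gdm is older than a keyfile: run dconf update again"
    fi

    [ "$problems" -eq 0 ] && echo "OK: GDM user list is disabled in $dir"
    return "$problems"
}

# make_sample DIR: build a constructed copy of the page's files under DIR.
make_sample() {
    mkdir -p "$1/profile" "$1/db/gdm.d"
    printf '%s\n' 'user-db:user' 'system-db:gdm' \
        'file-db:/usr/share/gdm/greeter-dconf-defaults' > "$1/profile/gdm"
    printf '%s\n' "[$GROUP]" '# Do not show the user list' "$KEY=true" \
        > "$1/db/gdm.d/00-login-screen"
    touch "$1/db/gdm"   # stand-in for the binary that dconf update writes
}
```

Running `check_gdm_userlist` with no argument checks /usr/local/etc/dconf; a non-zero exit status is the number of problems found.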

 

Verify after rebooting.

KDE installation

The common steps are everything up to the GNOME 3 installation.

Xorg must be installed and configured.

 

root@bsd11:~ # pkg install x11/kde4
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 414 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        kde: 4.14.3_1
        kde-workspace: 4.11.22_12
        xsetroot: 1.1.1
        gcc6: 6.4.0_2
        gcc-ecj: 4.5
        mysql56-client: 5.6.37_1
        libevent: 2.1.8
        xmessage: 1.0.4
        xcb-util-keysyms: 0.4.0_1
        xcb-util-image: 0.4.0_1
        qimageblitz: 0.0.6_2
        qt4-gui: 4.8.7_3
        qtchooser: 39
        qt4-corelib: 4.8.7_9
~ (output omitted)

 

Add the proc filesystem

root@bsd11:~ # vi /etc/fstab
proc            /proc           procfs          rw      0       0

 

Add the startup entries to /etc/rc.conf

root@bsd11:~ # vi /etc/rc.conf
# KDE Settings
dbus_enable="YES"
hald_enable="YES"
kdm4_enable="YES"
moused_enable="YES"

 

ibus was not installed by default.

Verify after rebooting.

xfce4 installation

The common steps are everything up to the GNOME 3 installation.

Xorg must be installed and configured.

 

root@bsd11:~ # pkg install xfce

 

 

Messages printed after installation

The following catalogs are installed:

 1) /usr/local/share/sgml/catalog

   The top level catalog for SGML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 2) /usr/local/share/sgml/catalog.ports

   This catalog is for handling SGML stuff installed under
   /usr/local/share/sgml.  It is changed by ports/packages.

 3) /usr/local/share/xml/catalog

   The top level catalog for XML stuff.  It is not changed
   by any ports/packages except textproc/xmlcatmgr.

 4) /usr/local/share/xml/catalog.ports

   This catalog is for handling XML stuff installed under
   /usr/local/share/xml.  It is changed by ports/packages.
Message from python36-3.6.2_1:

===========================================================================

Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:

py36-gdbm       databases/py36-gdbm
py36-sqlite3    databases/py36-sqlite3
py36-tkinter    x11-toolkits/py36-tkinter

===========================================================================
Message from libcdio-0.94:

===>   NOTICE:

The libcdio port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libinotify-20170711_1:

============================================================================

Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
   IN_MOVED_FROM
   IN_MOVED_TO

Open/close notifications:
   IN_OPEN
   IN_CLOSE_NOWRITE
   IN_CLOSE_WRITE

Symbolic Link notifications:
   IN_DONT_FOLLOW
   IN_ATTRIB
   IN_MOVE_SELF
   IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

=============================================================================
You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.

If the default on your system is too low, add the following line to
/boot/loader.conf, then reboot the system:

    kern.maxfiles="25000"
=============================================================================
Message from gamin-0.1.10_9:

===============================================================================

Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

For a typical desktop, add the following line to /boot/loader.conf, then
reboot the system:

    kern.maxfiles="25000"

The behavior of gamin can be controlled via the various gaminrc files.
See http://www.gnome.org/~veillard/gamin/config.html on how to create
these files.  In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10

===============================================================================

===>   NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from libcdio-paranoia-10.2+0.94+1:

===>   NOTICE:

The libcdio-paranoia port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
Message from samba44-4.4.16:

===============================================================================

How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/

===============================================================================
Message from xfce4-tumbler-0.2.0:

To override the default configuration, you must copy the rc-file:

        mkdir ~/.config/tumbler
        cp /usr/local/etc/xdg/tumbler/tumbler.rc ~/.config/tumbler

The COVER plugin requires manual configuration.

For more information see http://docs.xfce.org/xfce/thunar/tumbler
Message from xfce4-terminal-0.8.6:

Some options could need manual change to ~/.config/xfce4/terminal/terminalrc:

To reduce the height of tabs, add the hidden 'MiscSlimTabs' option:

MiscSlimTabs=TRUE

By default this option is not defined.

If you have configured a custom color cursor you will also need to add:

ColorCursorUseDefault=FALSE

to have such configuration still working, otherwise reconfigure the color
in the GUI.

Keep in mind, when you change an option in Preferences window, this file
is overwritten.
Message from xfce4-session-4.12.1_4:

To be able to shutdown or reboot your system, you'll have to add .rules
files in /usr/local/etc/polkit-1/rules.d directory. Which looks
like this (replace PUTYOURGROUPHERE by your group):

polkit.addRule(function (action, subject) {
  if ((action.id == "org.freedesktop.consolekit.system.restart" ||
      action.id == "org.freedesktop.consolekit.system.stop")
      && subject.isInGroup("PUTYOURGROUPHERE")) {
    return polkit.Result.YES;
  }
});

For those who have working suspend/resume:

polkit.addRule(function (action, subject) {
  if (action.id == "org.freedesktop.consolekit.system.suspend"
      && subject.isInGroup("PUTYOURGROUPHERE")) {
    return polkit.Result.YES;
  }
});
root@bsd11:~ #

 

Add the proc filesystem

root@bsd11:~ # vi /etc/fstab
proc            /proc           procfs          rw      0       0

 

Create the xfce4 startup script (this must be done as the user who will log in.)

root@bsd11:~ # su - test
$ echo '#!/bin/sh' > ~/.xinitrc
$ echo "exec /usr/local/bin/startxfce4 --with-ck-launch" >> ~/.xinitrc
$ chmod +x ~/.xinitrc

 

slim install (Simple Login Manager)

Xfce does not provide its own login screen, so install slim.

root@bsd11:~ # pkg install slim

 

Add the startup entries to /etc/rc.conf

# Xfce4 Settings
dbus_enable="YES"
hald_enable="YES"
slim_enable="YES"
moused_enable="YES"

 

Verify after rebooting.

The basic FreeBSD desktop setup is now complete.

For Korean input, it looks like ibus or scim will have to be used.