Openstack Rocky でプライベートクラウドを構築する!(7)

前回に引き続き Horizon のインストールと設定を行っていきます。

環境

ソフト

  • Ubuntu 18.04.1 Server 64bit
  • Openstack Rocky

ハード

※仮想マシンでもいけました。

  • CPUx2
  • MEM 8G
  • SSD 30G
  • NIC 2 枚

IP 構成

  • コントローラー ( vm-nfj-osctrln1 )
  • 公開用 ( 外部 ):10.1.55.11/16
  • 管理用 ( 内部 ):10.2.55.11/16
  • コンピュート ( vm-nfj-oscomp1 )
  • 公開用 ( 外部 ):10.1.55.21/16
  • 管理用 ( 内部 ):10.2.55.21/16

Horizonのインストール

パッケージのインストール

$ sudo apt install openstack-dashboard

/etc/openstack-dashboard/local_settings.py の編集

Ubuntu 18.04 のデフォルトでは、OPENSTACK_HOST には 127.0.0.1 、ALLOWED_HOSTS には * に設定されています。

OPENSTACK_HOST

OPENSTACK_HOST にコントローラーノードを指定

OPENSTACK_HOST = "vm-nfj-osctrln1"
ALLOWED_HOSTS

ALLOWED_HOSTS にダッシュボードにアクセスを許可するホストを設定します。* を設定するとどこからでも許可になります。

# By default, validation of the HTTP Host header is disabled.  Production
# installations should have this set accordingly.  For more information
# see https://docs.djangoproject.com/en/dev/ref/settings/.
ALLOWED_HOSTS = '*'
memcached セッションストレージサービスの設定を追記

デフォルトでは記載がなかったので追記します。

# memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'vm-nfj-osctrln1:11211',
    }
}
API バージョン指定

Ubuntu 18.04 ではデフォルトで v3 利用になっていました。

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT

Ubuntu 18.04 ではデフォルトで False になっていましたので、True を設定します。

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS

Ubuntu 18.04 ではデフォルトで雛形がありコメントアウトされていますので、必要箇所だけコメントを削除します。

 58 # Overrides for OpenStack API versions. Use this setting to force the
 59 # OpenStack dashboard to use a specific API version for a given service API.
 60 # Versions specified here should be integers or floats, not strings.
 61 # NOTE: The version should be formatted as it appears in the URL for the
 62 # service API. For example, The identity service APIs have inconsistent
 63 # use of the decimal point, so valid options would be 2.0 or 3.
 64 # Minimum compute version to get the instance locked status is 2.9.
 65 OPENSTACK_API_VERSIONS = {
 66 #    "data-processing": 1.1,
 67     "identity": 3,
 68     "image": 2,
 69     "volume": 2,
 70 #    "compute": 2,
 71 }
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN

Ubuntu 18.04 ではデフォルトで雛形があり Default が設定されコメントアウトされていますのでコメントを削除します。

 92 # Overrides the default domain used when running on single-domain model
 93 # with Keystone V3. All entities will be created in the default domain.
 94 # NOTE: This value must be the name of the default domain, NOT the ID.
 95 # Also, you will most likely have a value in the keystone policy file like this
 96 #    "cloud_admin": "rule:admin_required and domain_id:"
 97 # This value must be the name of the domain whose ID is specified there.
 98 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
OPENSTACK_KEYSTONE_DEFAULT_ROLE

Ubuntu 18.04 ではデフォルトで _member_ と設定されていましたので、user に変更します。
変更前:

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"

変更後

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK

Ubuntu 18.04 ではデフォルトで router, quotas, ipv6 が有効になっていますが、neutron の設定で L3 ネットワーキングサービスを起動していない場合は無効にしておきます。
変更前:

315 # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
316 # services provided by neutron. Options currently available are load
317 # balancer service, security groups, quotas, VPN service.
318 OPENSTACK_NEUTRON_NETWORK = {
319     'enable_router': True,
320     'enable_quotas': True,
321     'enable_ipv6': True,
322     'enable_distributed_router': False,
323     'enable_ha_router': False,
324     'enable_fip_topology_check': True,
325 
326     # Default dns servers you would like to use when a subnet is
327     # created.  This is only a default, users can still choose a different
328     # list of dns servers when creating a new subnet.
329     # The entries below are examples only, and are not appropriate for
330     # real deployments
331     # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
332 
333     # Set which provider network types are supported. Only the network types
334     # in this list will be available to choose from when creating a network.
335     # Network types include local, flat, vlan, gre, vxlan and geneve.
336     # 'supported_provider_types': ['*'],
337 
338     # You can configure available segmentation ID range per network type
339     # in your deployment.
340     # 'segmentation_id_range': {
341     #     'vlan': [1024, 2048],
342     #     'vxlan': [4094, 65536],
343     # },
344 
345     # You can define additional provider network types here.
346     # 'extra_provider_types': {
347     #     'awesome_type': {
348     #         'display_name': 'Awesome New Type',
349     #         'require_physical_network': False,
350     #         'require_segmentation_id': True,
351     #     }
352     # },
353 
354     # Set which VNIC types are supported for port binding. Only the VNIC
355     # types in this list will be available to choose from when creating a
356     # port.
357     # VNIC types include 'normal', 'direct', 'direct-physical', 'macvtap',
358     # 'baremetal' and 'virtio-forwarder'
359     # Set to empty list or None to disable VNIC type selection.
360     'supported_vnic_types': ['*'],
361 
362     # Set list of available physical networks to be selected in the physical
363     # network field on the admin create network modal. If it's set to an empty
364     # list, the field will be a regular input field.
365     # e.g. ['default', 'test']
366     'physical_networks': [],
367 
368 }

変更後:

318 OPENSTACK_NEUTRON_NETWORK = {
319     'enable_router': False,
320     'enable_quotas': False,
321     'enable_ipv6': False,
322     'enable_distributed_router': False,
323     'enable_ha_router': False,
324     'enable_fip_topology_check': True,
325 
326     # Default dns servers you would like to use when a subnet is
327     # created.  This is only a default, users can still choose a different
328     # list of dns servers when creating a new subnet.
329     # The entries below are examples only, and are not appropriate for
330     # real deployments
331     # 'default_dns_nameservers': ["8.8.8.8", "8.8.4.4", "208.67.222.222"],
332 
333     # Set which provider network types are supported. Only the network types
334     # in this list will be available to choose from when creating a network.
335     # Network types include local, flat, vlan, gre, vxlan and geneve.
336     # 'supported_provider_types': ['*'],
337 
338     # You can configure available segmentation ID range per network type
339     # in your deployment.
340     # 'segmentation_id_range': {
341     #     'vlan': [1024, 2048],
342     #     'vxlan': [4094, 65536],
343     # },
344 
345     # You can define additional provider network types here.
346     # 'extra_provider_types': {
347     #     'awesome_type': {
348     #         'display_name': 'Awesome New Type',
349     #         'require_physical_network': False,
350     #         'require_segmentation_id': True,
351     #     }
352     # },
353 
354     # Set which VNIC types are supported for port binding. Only the VNIC
355     # types in this list will be available to choose from when creating a
356     # port.
357     # VNIC types include 'normal', 'direct', 'direct-physical', 'macvtap',
358     # 'baremetal' and 'virtio-forwarder'
359     # Set to empty list or None to disable VNIC type selection.
360     'supported_vnic_types': ['*'],
361 
362     # Set list of available physical networks to be selected in the physical
363     # network field on the admin create network modal. If it's set to an empty
364     # list, the field will be a regular input field.
365     # e.g. ['default', 'test']
366     'physical_networks': [],
367 
368 }
TIME_ZONE

必要な場合はタイムゾーンを設定しておきます。Ubuntu 18.04 ではデフォルトで UTC になっていました。

456 # The timezone of the server. This should correspond with the timezone
457 # of your entire OpenStack installation, and hopefully be in UTC.
458 TIME_ZONE = "UTC"

/etc/apache2/conf-available/openstack-dashboard.conf の設定

WSGIApplicationGroup の行が含まれていない場合は追記しておきます。Ubuntu 18.04 ではデフォルトで含まれていました。

WSGIScriptAlias /horizon /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py process-group=horizon
WSGIDaemonProcess horizon user=horizon group=horizon processes=3 threads=10 display-name=%{GROUP}
WSGIProcessGroup horizon
WSGIApplicationGroup %{GLOBAL}

Alias /static /var/lib/openstack-dashboard/static/
Alias /horizon/static /var/lib/openstack-dashboard/static/


  Require all granted



  Require all granted

Webサーバーの再起動

$ sudo service apache2 reload

WebUI への接続

ブラウザを起動し、http://10.2.55.11/horizon/ にアクセス、default ドメイン、admin ユーザ、admin ユーザのパスワードを入力しログインできることを確認します。

スポンサーリンク