Merge pull request #4815 from geekpi/master

translated
geekpi 2016-12-29 11:00:21 +08:00 committed by GitHub
commit 8ea33c86d9
2 changed files with 128 additions and 129 deletions


@ -1,129 +0,0 @@
translating---geekpi
# LXD 2.0: LXD and OpenStack [11/12]
This is the eleventh blog post in [this series about LXD 2.0][1].
![LXD logo](https://linuxcontainers.org/static/img/containers.png)
Introduction
============================================================
First of all, sorry for the delay. It took quite a long time before I finally managed to get all of this going. My first attempts were using devstack which ran into a number of issues that had to be resolved. Yet even after all that, I still wasnt be able to get networking going properly.
I finally gave up on devstack and tried “conjure-up” to deploy a full Ubuntu OpenStack using Juju in a pretty user friendly way. And it finally worked!
So below is how to run a full OpenStack, using LXD containers instead of VMs and running all of this inside a LXD container (nesting!).
# Requirements
This post assumes youve got a working LXD setup, providing containers with network access and that you have a pretty beefy CPU, around 50GB of space for the container to use and at least 16GB of RAM.
Remember, were running a full OpenStack here, this thing isnt exactly light!
# Setting up the container
OpenStack is made of a lof of different components, doing a lot of different things. Some require some additional privileges so to make our live easier, well use a privileged container.
Well configure that container to support nesting, pre-load all the required kernel modules and allow it access to /dev/mem (as is apparently needed).
Please note that this means that most of the security benefit of LXD containers are effectively disabled for that container. However the containers that will be spawned by OpenStack itself will be unprivileged and use all the normal LXD security features.
```
lxc launch ubuntu:16.04 openstack -c security.privileged=true -c security.nesting=true -c "linux.kernel_modules=iptable_nat, ip6table_nat, ebtables, openvswitch"
lxc config device add openstack mem unix-char path=/dev/mem
```
There is a small bug in LXD where it would attempt to load kernel modules that have already been loaded on the host. This has been fixed in LXD 2.5 and will be fixed in LXD 2.0.6 but until then, this can be worked around with:
```
lxc exec openstack -- ln -s /bin/true /usr/local/bin/modprobe
```
Then we need to add a couple of PPAs and install conjure-up, the deployment tool well use to get OpenStack going.
```
lxc exec openstack -- apt-add-repository ppa:conjure-up/next -y
lxc exec openstack -- apt-add-repository ppa:juju/stable -y
lxc exec openstack -- apt update
lxc exec openstack -- apt dist-upgrade -y
lxc exec openstack -- apt install conjure-up -y
```
And the last setup step is to configure LXD networking inside the container.
Answer with the default for all questions, except for:
* Use the “dir” storage backend (“zfs” doesnt work in a nested container)
* Do NOT configure IPv6 networking (conjure-up/juju dont play well with it)
```
lxc exec openstack -- lxd init
```
And thats it for the container configuration itself, now we can deploy OpenStack!
# Deploying OpenStack with conjure-up
As mentioned earlier, well be using conjure-up to deploy OpenStack.
This is a nice, user friendly, tool that interfaces with Juju to deploy complex services.
Start it with:
```
lxc exec openstack -- sudo -u ubuntu -i conjure-up
```
* Select “OpenStack with NovaLXD”
* Then select “localhost” as the deployment target (uses LXD)
* And hit “Deploy all remaining applications”
This will now deploy OpenStack. The whole process can take well over an hour depending on what kind of machine youre running this on. Youll see all services getting a container allocated, then getting deployed and finally interconnected.
![Conjure-Up deploying OpenStack](https://www.stgraber.org/wp-content/uploads/2016/10/conjure-up.png)
Once the deployment is done, a few post-install steps will appear. This will import some initial images, setup SSH authentication, configure networking and finally giving you the IP address of the dashboard.
# Access the dashboard and spawn a container
The dashboard runs inside a container, so you cant just hit it from your web browser.
The easiest way around this is to setup a NAT rule with:
```
lxc exec openstack -- iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to <IP>
```
Where “<ip>” is the dashboard IP address conjure-up gave you at the end of the installation.
You can now grab the IP address of the “openstack” container (from “lxc info openstack”) and point your web browser to: http://<container ip>/horizon
This can take a few minutes to load the first time around. Once the login screen is loaded, enter the default login and password (admin/openstack) and youll be greeted by the OpenStack dashboard!
![oslxd-dashboard](https://www.stgraber.org/wp-content/uploads/2016/10/oslxd-dashboard.png)
You can now head to the “Project” tab on the left and the “Instances” page. To start a new instance using nova-lxd, click on “Launch instance”, select what image you want, network, … and your instance will get spawned.
Once its running, you can assign it a floating IP which will let you reach your instance from within your “openstack” container.
# Conclusion
OpenStack is a pretty complex piece of software, its also not something you really want to run at home or on a single server. But its certainly interesting to be able to do it anyway, keeping everything contained to a single container on your machine.
Conjure-Up is a great tool to deploy such complex software, using Juju behind the scene to drive the deployment, using LXD containers for every individual service and finally for the instances themselves.
Its also one of the very few cases where multiple level of container nesting actually makes sense!
--------------------------------------------------------------------------
作者简介Im Stéphane Graber. Im probably mostly known as the LXC and LXD project leader, currently working as a technical lead for LXD at Canonical Ltd. from my home in Montreal, Quebec, Canada.
--------------------------------------------------------------------------------
via: https://www.stgraber.org/2016/10/26/lxd-2-0-lxd-and-openstack-1112/
作者:[Stéphane Graber ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.stgraber.org/author/stgraber/
[1]:https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/


@ -0,0 +1,128 @@
LXD 2.0 系列LXD和OpenStack
======================================
这是 [LXD 2.0 系列介绍文章][1]的第十一篇。
![LXD logo](https://linuxcontainers.org/static/img/containers.png)
介绍
============================================================
首先对这次的延期抱歉。为了让一切正常我花了很长时间。我第一次尝试是使用devstack时遇到了一些必须解决问题。 然而即使这样,我还是不能够使网络正常。
我终于放弃了devstack并使用用户友好的Juju尝试使用“conjure-up”部署完整的Ubuntu OpenStack。它终于工作了
下面是如何运行一个完整的OpenStack使用LXD容器而不是VM并在LXD容器中运行所有这些嵌套的
# 要求
这篇文章假设你有一个可以工作的LXD设置提供容器网络访问并且你有一个非常强大的CPU大约50GB给容器空间和至少16GB的内存。
记住我们在这里运行一个完整的OpenStack这东西不是很轻量
# 设置容器
OpenStack由大量不同做不同事情的组件组成。 一些需要一些额外的特权,这样可以使设置更简单,我们将使用特权容器。
我们将配置支持嵌套的容器,预加载所有需要的内核模块,并允许它访问/dev/mem显然是需要的
请注意这意味着LXD容器的大部分安全特性对该容器被禁用。 然而由OpenStack自身产生的容器将是无特权的并且可以正常使用LXD的安全特性。
```
lxc launch ubuntu:16.04 openstack -c security.privileged=true -c security.nesting=true -c "linux.kernel_modules=iptable_nat, ip6table_nat, ebtables, openvswitch"
lxc config device add openstack mem unix-char path=/dev/mem
```
LXD中有一个小bug它会尝试加载已经加载到主机上的内核模块。这已在LXD 2.5中得到修复并将在LXD 2.0.6中修复,但在此之前,可以使用以下方法:
```
lxc exec openstack -- ln -s /bin/true /usr/local/bin/modprobe
```
我们需要加几条PPA并安装conjure-up它是我们用来安装Openstack的部署工具。
```
lxc exec openstack -- apt-add-repository ppa:conjure-up/next -y
lxc exec openstack -- apt-add-repository ppa:juju/stable -y
lxc exec openstack -- apt update
lxc exec openstack -- apt dist-upgrade -y
lxc exec openstack -- apt install conjure-up -y
```
最后一步是在容器内部配置LXD网络。
所有问题都选择默认,除了:
* 使用“dir”存储后端“zfs”不在嵌套容器中有用
* 不要配置IPv6网络conjure-up/juju不太兼容它
```
lxc exec openstack -- lxd init
```
现在配置完容器了现在我们部署OpenStack
# 用conjure-up部署OpenStack
如先前提到的我们用conjure-up部署OpenStack。
这是一个很棒的用户友好的可以与Juju交互来部署复杂服务的工具。
首先:
```
lxc exec openstack -- sudo -u ubuntu -i conjure-up
```
* 选择“OpenStack with NovaLXD”
* 选择“localhost”作为部署目标使用LXD
* 点击“Deploy all remaining applications”
接下来会部署OpenStack。整个过程会花费一个多小时这取决于你运行的机器。你将看到所有服务会被分配一个容器然后部署并最终互连。
![Conjure-Up deploying OpenStack](https://www.stgraber.org/wp-content/uploads/2016/10/conjure-up.png)
部署完成后会显示一个安装完成的界面。它会导入一些初始镜像、设置SSH权限、配置网络最后会显示面板的IP地址。
# 访问面板并生成一个容器
面板运行在一个容器中,因此你不能直接从浏览器中访问。
最简单的方法是设置一条NAT规则
```
lxc exec openstack -- iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to <IP>
```
其中“<ip>”是conjure-up在安装结束时给你的面板IP地址。
你现在可以获取“openstack”容器的IP地址来自“lxc info openstack”并将浏览器指向http://<container ip>/horizon
第一次加载可能需要几分钟。 一旦显示了登录界面输入默认登录名和密码admin/openstack你就会看到OpenStack的欢迎面板
  [oslxd-dashboard]https://www.stgraber.org/wp-content/uploads/2016/10/oslxd-dashboard.png
现在可以选择左边的“Project”选项卡进入“Instances”页面。 要启动一个使用nova-lxd的新实例点击“Launch instance”选择你想要的镜像网络等接着你的实例就产生了。
一旦它运行后你可以为它分配一个浮动IP它将允许你从你的“openstack”容器中访问你的实例。
# 总结
OpenStack是一个非常复杂的软件你也不会想在家里或在单个服务器上运行它。 但是,不管怎样在你的机器上包含这些服务在一个容器中都是非常有趣的。
conjure-up是部署这种复杂软件的一个很好的工具背后使用Juju驱动部署为每个单独的服务使用LXD容器最后是实例本身。
它也是少数几个容器嵌套多层并实际上有意义的情况之一!
--------------------------------------------------------------------------
作者简介我是Stéphane Graber。我是LXC和LXD项目的领导者目前在加拿大魁北克蒙特利尔的家所在的Canonical有限公司担任LXD的技术主管。
--------------------------------------------------------------------------------
via: https://www.stgraber.org/2016/10/26/lxd-2-0-lxd-and-openstack-1112/
作者:[Stéphane Graber ][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.stgraber.org/author/stgraber/
[1]:https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/
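
Review bot: In the post-install paragraph of the added translation, “设置SSH权限” renders the source's “setup SSH authentication” as SSH permissions, which changes the meaning of the step; “设置 SSH 认证” would match the source. In the dashboard section, the screenshot line `[oslxd-dashboard]https://www.stgraber.org/wp-content/uploads/2016/10/oslxd-dashboard.png` as shown here is not in the `![alt](url)` form that the LXD logo and conjure-up images in the same file use, so it will not render as an image; suggest restoring `![oslxd-dashboard](...)` with ASCII punctuation. The author bio also reads as if Canonical were located at the author's home, where the source says he works for Canonical from his home in Montreal.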