Installing the OpenStack Icehouse controller on CentOS 6.4 (Part 1)

*This article covers system initialization and the installation and configuration of keystone and glance.


OpenStack discussion group: 322596568


Host allocation:

Hostname    IP (static)       System                       Specs                     Role
openstack   192.168.20.200    CentOS-6.4-x86_64-minimal    4CPU,16G,300G,2 NICs      Management node / compute node
node01      192.168.20.201    CentOS-6.4-x86_64-minimal    4CPU,16G,300G,2 NICs      Compute node


Initial configuration:

(1). Configure the /etc/hosts file:

[root@openstack ~]# vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.10.21   openstack

192.168.10.22   node01

(2). Configure the network:

[root@openstack ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

TYPE=Ethernet

ONBOOT=yes

BOOTPROTO=static

IPADDR=192.168.20.200

NETMASK=255.255.255.0

GATEWAY=192.168.20.2

[root@openstack ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1

TYPE=Ethernet

ONBOOT=yes

BOOTPROTO=none

(3). Disable SELinux:

[root@openstack ~]# vi /etc/selinux/config 

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#       enforcing - SELinux security policy is enforced.

#       permissive - SELinux prints warnings instead of enforcing.

#       disabled - SELinux is fully disabled.

SELINUX=disabled

# SELINUXTYPE= type of policy in use. Possible values are:

#       targeted - Only targeted network daemons are protected.

#       strict - Full SELinux protection.

SELINUXTYPE=targeted

[root@openstack ~]# setenforce 0

(4). Modify the /etc/sysctl.conf parameters:

[root@openstack ~]# vi /etc/sysctl.conf

……………………

net.ipv4.ip_forward=1

net.ipv4.conf.all.rp_filter=0

net.ipv4.conf.default.rp_filter=0

……………………
[root@openstack ~]# sysctl -p                    # apply the sysctl.conf settings

(5). Disable unneeded services (optional):

#!/bin/bash

SERVICE_SUM="auditd blk-availability iscsi iscsid lvm2-monitor mdmonitor multipathd netconsole postfix rdisc restorecond saslauthd"

echo $SERVICE_SUM | xargs -n1 | while read SERVICE

do

    chkconfig $SERVICE off

    service $SERVICE stop

done

(6). Add the third-party package repositories:

[root@openstack ~]# yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm

[root@openstack ~]# yum -y install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

(7). Update the kernel:

[root@openstack ~]# yum -y install kernel-2.6.32-358.123.2.openstack*

(8). Install the OpenStack utility packages:

[root@openstack ~]# yum -y install openstack-utils openstack-selinux

(9). Reboot:

[root@openstack ~]# reboot


2. Install and configure the NTP service

(1). Install the NTP service:

[root@openstack ~]# yum -y install ntp


(2). Configure the NTP service:

[root@openstack ~]# vi /etc/ntp.conf

driftfile /var/lib/ntp/drift

restrict default ignore

restrict 127.0.0.1 

restrict 192.168.10.0 mask 255.255.255.0 nomodify notrap

server ntp.api.bz

server  127.127.1.0     # local clock

fudge   127.127.1.0 stratum 10

keys /etc/ntp/keys

(3). Start the NTP service and enable it at boot:

[root@openstack ~]# service ntpd start

[root@openstack ~]# chkconfig ntpd on

3. Install and configure MySQL:

(1). Install the MySQL service:

[root@openstack ~]# yum -y install mysql mysql-server MySQL-python            

(On the compute node, run: yum install mysql MySQL-python)


(2). Edit the MySQL configuration file:

[mysqld]

datadir=/var/lib/mysql

socket=/var/lib/mysql/mysql.sock

user=mysql

# Disabling symbolic-links is recommended to prevent assorted security risks

symbolic-links=0

bind-address = 0.0.0.0                    # listen on IP address 0.0.0.0

default-storage-engine = innodb

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8


[mysqld_safe]

log-error=/var/log/mysqld.log

pid-file=/var/run/mysqld/mysqld.pid


(3). Start the MySQL service and enable it at boot:

[root@openstack ~]# service mysqld start

[root@openstack ~]# chkconfig mysqld on


(4). Set the MySQL root password to passwd:

[root@openstack ~]# mysqladmin -uroot password 'passwd'; history -c


4. Install and configure the qpid service

(1). Install the qpid service:

[root@openstack ~]# yum -y install qpid-cpp-server memcached


(2). Edit the /etc/qpidd.conf configuration file and set auth to no:

[root@openstack ~]# vi /etc/qpidd.conf

……………………

auth=no

(3). Start the qpid service and enable it at boot:

[root@openstack ~]# service qpidd start

[root@openstack ~]# chkconfig qpidd on


5. Install and configure KeyStone

(1). Install the KeyStone service:

[root@openstack ~]# yum -y install openstack-keystone python-keystoneclient


(2). Create the keystone database and update the database connection in the configuration file:

[root@openstack ~]#  openstack-db --init --service keystone --rootpw passwd


(3). Set the database connection in the configuration file:

[root@openstack ~]#  openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone


(4). Use openssl to generate a random token and store it in the configuration file:

[root@openstack ~]# export SERVICE_TOKEN=$(openssl rand -hex 10)     # generate a random SERVICE_TOKEN value; keep a record of it

[root@openstack ~]# export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

[root@openstack ~]# mkdir /root/config

[root@openstack ~]# echo $SERVICE_TOKEN > /root/config/ks_admin_token.txt

[root@openstack ~]# cat /root/config/ks_admin_token.txt

12dd70ede7c9d9d3ed3c

[root@openstack ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN

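*Note: write the generated SERVICE_TOKEN value to a file so it can be reused; every SERVICE_TOKEN value referred to below is read from ks_admin_token.txt. Once it has been written to the file, do not run the command again to generate a new SERVICE_TOKEN, otherwise the old and new values will differ and debugging becomes harder.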
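One way to carry out step (4) so that a second run reuses the saved token instead of generating a new one, and so that the token file is readable only by root. This is an added example, not part of the original article; the function names are hypothetical and TOKEN_FILE defaults to the path used above.

```bash
#!/bin/bash
# Added example: generate the keystone admin token once, store it root-only, reuse it later.
# TOKEN_FILE defaults to the path used in step (4).
TOKEN_FILE=${TOKEN_FILE:-/root/config/ks_admin_token.txt}

# new_token: 10 random bytes as 20 hex characters (the shape of `openssl rand -hex 10`).
new_token() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 10
    else
        od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
    fi
}

# load_or_create_token FILE: print the token stored in FILE, creating it on first use.
load_or_create_token() {
    local file=$1 token
    if [ -s "$file" ]; then
        chmod 600 "$file"        # tighten a file that was created with the default umask
    else
        # umask 077 in a subshell: directory 0700, file 0600, caller's umask untouched
        ( umask 077; mkdir -p "$(dirname "$file")" && new_token > "$file" ) || return 1
    fi
    token=$(tr -d '[:space:]' < "$file")
    case $token in
        ''|*[!0-9a-f]*) echo "unexpected token format in $file" >&2; return 1 ;;
    esac
    printf '%s\n' "$token"
}

# Usage on the controller, in place of the export/echo pair above:
#   SERVICE_TOKEN=$(load_or_create_token "$TOKEN_FILE") && export SERVICE_TOKEN
#   openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$SERVICE_TOKEN"
```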


(5). By default keystone uses PKI tokens. Create the signing keys and certificates:

[root@openstack ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

[root@openstack ~]# chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log


(6). Start the keystone service and enable it at boot:

[root@openstack ~]# service openstack-keystone start

[root@openstack ~]# chkconfig openstack-keystone on


[root@openstack ~]# (crontab -l 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/root
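Added example (not from the original article): a read-only check that reports which of the access-control settings relaxed in the steps above are present on a host. The function names and the optional root-prefix argument are assumptions of this example, and /etc/my.cnf is assumed to be the MySQL configuration file (the CentOS 6 default); the other paths and keys are the ones edited above.

```bash
#!/bin/bash
# Added example: report the relaxed settings from sections 1 to 5.
# Pass a root prefix to audit a copy of the files; with no argument the live system is read.

# get_opt FILE KEY: print the value of the last uncommented "KEY = value" line.
get_opt() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/[ \t]*#.*$/, "", v)            # drop an inline comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v
        }
        END { if (val != "") print val }' "$1"
}

# audit_controller [ROOT]: print one line per finding; prints nothing when none apply.
audit_controller() {
    local root=${1:-} v key
    v=$(get_opt "$root/etc/selinux/config" SELINUX)
    if [ "$v" = disabled ] || [ "$v" = permissive ]; then
        echo "selinux: SELINUX=$v, policy is not enforced"
    fi
    v=$(get_opt "$root/etc/my.cnf" bind-address)
    if [ "$v" = 0.0.0.0 ]; then
        echo "mysql: bind-address=$v, mysqld listens on every interface"
    fi
    v=$(get_opt "$root/etc/qpidd.conf" auth)
    if [ "$v" = no ]; then
        echo "qpid: auth=no, the broker accepts unauthenticated clients"
    fi
    v=$(get_opt "$root/etc/keystone/keystone.conf" admin_token)
    if [ -n "$v" ]; then
        echo "keystone: admin_token is set, requests carrying it bypass authentication"
    fi
    for key in net.ipv4.conf.all.rp_filter net.ipv4.conf.default.rp_filter; do
        v=$(get_opt "$root/etc/sysctl.conf" "$key")
        if [ "$v" = 0 ]; then echo "sysctl: $key=0, reverse-path filtering is off"; fi
    done
    return 0
}

# Constructed sample tree holding values like those written in the steps above.
make_sample_tree() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/etc/selinux" "$d/etc/keystone"
    printf '# comment\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf '[mysqld]\nbind-address = 0.0.0.0   #listen on 0.0.0.0\n' > "$d/etc/my.cnf"
    printf 'auth=no\n' > "$d/etc/qpidd.conf"
    printf '[DEFAULT]\nadmin_token = 0123456789abcdef0123\n' > "$d/etc/keystone/keystone.conf"
    printf 'net.ipv4.ip_forward=1\nnet.ipv4.conf.all.rp_filter=0\n' > "$d/etc/sysctl.conf"
    echo "$d"
}
```

Run `audit_controller "$(make_sample_tree)"` to see the findings for the constructed files, or `audit_controller` with no argument on the controller itself.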


5.2. Define Users, Tenants and Roles

(1). Edit the .bash_profile file and add the following parameters:

[root@openstack ~]# vi .bash_profile

………………

export OS_USERNAME=admin

export OS_PASSWORD=password

export OS_TENANT_NAME=admin

export OS_AUTH_URL=http://127.0.0.1:5000/v2.0

export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

export SERVICE_TOKEN=12dd70ede7c9d9d3ed3c

………………

Run the following command to make the variables take effect immediately:

[root@openstack ~]# source .bash_profile


(2). Create an administrator user named admin:

[root@openstack ~]# keystone user-create --name=admin --pass=password --email=keystone@chensh.net

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+----------+----------------------------------+

| Property |              Value               |

+----------+----------------------------------+

|  email   |       keystone@chensh.net        |

| enabled  |               True               |

|    id    | 16df18d2617943ea8b0cfce39e7e6541 |

|   name   |              admin               |

| username |              admin               |

+----------+----------------------------------+

(3). Create an administrator role named admin:

[root@openstack ~]# keystone role-create --name=admin

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+----------+----------------------------------+

| Property |              Value               |

+----------+----------------------------------+

|    id    | 90ef9ebcdcbc47178cf959911ce0569e |

|   name   |              admin               |

+----------+----------------------------------+

(4). Create a tenant for the administrator user:

[root@openstack ~]# keystone tenant-create --name=admin --description='Admin Tenant'

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+-------------+----------------------------------+

|   Property  |              Value               |

+-------------+----------------------------------+

| description |           Admin Tenant           |

|   enabled   |               True               |

|      id     | 4af98cdce9ea449b90c8dfec454b2b9f |

|     name    |              admin               |

+-------------+----------------------------------+

(5). Add the role to the user:

Link the admin user, admin role, and admin tenant together using the user-role-add option:

[root@openstack ~]# keystone user-role-add --user=admin --tenant=admin --role=admin

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

Link the admin user, _member_ role, and admin tenant:

[root@openstack ~]# keystone user-role-add --user=admin --role=_member_ --tenant=admin 

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

(6). Create a Service tenant:

[root@openstack ~]# keystone tenant-create --name=service --description='Service Tenant'

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+-------------+----------------------------------+

|   Property  |              Value               |

+-------------+----------------------------------+

| description |          Service Tenant          |

|   enabled   |               True               |

|      id     | 7202578800e245808231cdfc07d26100 |

|     name    |             service              |

+-------------+----------------------------------+


5.3. Define Services and API Endpoints

(1). Create a service for KeyStone:

[root@openstack ~]# keystone service-create --name=keystone --type=identity --description="KeystoneIdentity Service"

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+-------------+----------------------------------+

|   Property  |              Value               |

+-------------+----------------------------------+

| description |     KeystoneIdentity Service     |

|   enabled   |               True               |

|      id     | 05224edaf29c4fa9a1d600749edc46b9 |

|     name    |             keystone             |

|     type    |             identity             |

+-------------+----------------------------------+


(2). Create an endpoint using the service ID:

[root@openstack ~]# vi /root/config/keystone.sh

#!/bin/bash

my_ip=0.0.0.0

service=$(keystone service-list | awk '/keystone/ {print $2}')

keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:5000/v2.0 --internalurl=http://$my_ip:5000/v2.0 --adminurl=http://$my_ip:35357/v2.0

[root@openstack ~]# sh /root/config/keystone.sh

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+-------------+----------------------------------+

|   Property  |              Value               |

+-------------+----------------------------------+

|   adminurl  |    http://0.0.0.0:35357/v2.0     |

|      id     | c356f86d4c1c4be89274f23f86ed4d1e |

| internalurl |     http://0.0.0.0:5000/v2.0     |

|  publicurl  |     http://0.0.0.0:5000/v2.0     |

|    region   |            regionOne             |

|  service_id | 05224edaf29c4fa9a1d600749edc46b9 |

+-------------+----------------------------------+

[root@openstack ~]# keystone user-list

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+----------------------------------+-------+---------+---------------------+

|                id                |  name | enabled |        email        |

+----------------------------------+-------+---------+---------------------+

| 16df18d2617943ea8b0cfce39e7e6541 | admin |   True  | keystone@chensh.net |

+----------------------------------+-------+---------+---------------------+

[root@openstack ~]# keystone user-role-list --user admin --tenant admin

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+----------------------------------+----------+----------------------------------+----------------------------------+

|                id                |   name   |             user_id              |            tenant_id             |

+----------------------------------+----------+----------------------------------+----------------------------------+

| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 16df18d2617943ea8b0cfce39e7e6541 | 4af98cdce9ea449b90c8dfec454b2b9f |

| 90ef9ebcdcbc47178cf959911ce0569e |  admin   | 16df18d2617943ea8b0cfce39e7e6541 | 4af98cdce9ea449b90c8dfec454b2b9f |

+----------------------------------+----------+----------------------------------+----------------------------------+


6. Install and configure Glance


6.1. Initialize Glance

(1). Install the Glance service:

[root@openstack ~]# yum -y install openstack-glance


(2). Create the Glance database:


[root@openstack ~]# openstack-db --init --service glance  --rootpw passwd


(3). Set the database connection in the configuration files:

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance


6.2. Create the User and define Services and API Endpoints

(1). Create a glance user for the Glance service:

[root@openstack ~]# keystone user-create --name=glance --pass=service --email=glance@chensh.net

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+----------+----------------------------------+

| Property |              Value               |

+----------+----------------------------------+

|  email   |        glance@chensh.net         |

| enabled  |               True               |

|    id    | e52a0f54a49346c485e68558d2c3f1fb |

|   name   |              glance              |

| username |              glance              |

+----------+----------------------------------+

[root@openstack ~]# keystone user-role-add --user=glance --tenant=service --role=admin

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

(2). Create a service for glance:

[root@openstack ~]# keystone service-create --name=glance --type=image --description="Glance ImageService"

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+-------------+----------------------------------+

|   Property  |              Value               |

+-------------+----------------------------------+

| description |       Glance ImageService        |

|   enabled   |               True               |

|      id     | 28fe6663aa404a0b8686c759de618240 |

|     name    |              glance              |

|     type    |              image               |

+-------------+----------------------------------+

(3). Create an endpoint using the service ID:

[root@openstack ~]# vi /root/config/glance.sh

#!/bin/bash

my_ip=0.0.0.0

service=$(keystone service-list | awk '/glance/ {print $2}')

keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:9292 --internalurl=http://$my_ip:9292 --adminurl=http://$my_ip:9292

[root@openstack ~]# sh /root/config/glance.sh

WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).

+-------------+----------------------------------+

|   Property  |              Value               |

+-------------+----------------------------------+

|   adminurl  |       http://0.0.0.0:9292        |

|      id     | 72aa5379814c495fb679504358443457 |

| internalurl |       http://0.0.0.0:9292        |

|  publicurl  |       http://0.0.0.0:9292        |

|    region   |            regionOne             |

|  service_id | 28fe6663aa404a0b8686c759de618240 |

+-------------+----------------------------------+

6.3. Configure the Glance service

[root@openstack ~]# cp -av /etc/glance/glance-api.conf /etc/glance/glance-api.conf_bak

[root@openstack ~]# cp -av /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf_bak

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend qpid

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname $HOSTNAME

(1). Add the keystone authentication settings to the glance configuration files:

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://0.0.0.0:5000

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password service


[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://0.0.0.0:5000

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password service


(2). Set the ini file paths and add the keystone authentication settings to the ini files:

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone


[root@openstack ~]# cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini

[root@openstack ~]# cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini

[root@openstack ~]# chown -R root:glance /etc/glance/glance-api-paste.ini 

[root@openstack ~]# chown -R root:glance /etc/glance/glance-registry-paste.ini


[root@openstack ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host 127.0.0.1

[root@openstack ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service

[root@openstack ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance

[root@openstack ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password service

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host 127.0.0.1

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance

[root@openstack ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password service


(3). Change the image storage path (images are stored under /var/lib/glance by default; skip this step if no change is needed)

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT filesystem_store_datadir /openstack/glance/images/

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT scrubber_datadir /openstack/glance/scrubber

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT image_cache_dir /openstack/glance/image-cache/

[root@openstack ~]# mkdir /openstack

[root@openstack ~]# cp -a /var/lib/glance/ /openstack/

[root@openstack ~]# chown -R glance:glance /openstack/glance/


(4). Start the glance services and enable them at boot

[root@openstack ~]# service openstack-glance-api start

[root@openstack ~]# service openstack-glance-registry start

[root@openstack ~]# chkconfig openstack-glance-api on

[root@openstack ~]# chkconfig openstack-glance-registry on


6.4. Test Glance


(1). Upload an image

[root@openstack ~]# glance image-create --name=centos6.4_20G --disk-format=qcow2 --container-format=ovf --is-public=true < /root/centos6.4-mini_x64.qcow2 

+------------------+--------------------------------------+

| Property         | Value                                |

+------------------+--------------------------------------+

| checksum         | 4b16b4bcfd7f4fe7f0f2fdf8919048b4     |

| container_format | ovf                                  |

| created_at       | 2014-03-31T06:26:26                  |

| deleted          | False                                |

| deleted_at       | None                                 |

| disk_format      | qcow2                                |

| id               | 45456157-9b46-4e40-8ee3-fbb2e40f227b |

| is_public        | True                                 |

| min_disk         | 0                                    |

| min_ram          | 0                                    |

| name             | centos6.4_20G                        |

| owner            | 446893f3733b4294a7080f3b0bf1ba61     |

| protected        | False                                |

| size             | 698023936                            |

| status           | active                               |

| updated_at       | 2014-03-31T06:26:30                  |

+------------------+--------------------------------------+


(2). List the images

[root@openstack ~]# glance image-list

+--------------------------------------+---------------+-------------+------------------+-----------+--------+

| ID                                   | Name          | Disk Format | Container Format | Size      | Status |

+--------------------------------------+---------------+-------------+------------------+-----------+--------+

| 45456157-9b46-4e40-8ee3-fbb2e40f227b | centos6.4_20G | qcow2       | ovf              | 698023936 | active |

+--------------------------------------+---------------+-------------+------------------+-----------+--------+
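Added example (not from the original article): compare the checksum and size rows of a glance property table, like the image-create output above, with the local image file. The function names are hypothetical; the example assumes md5sum is installed and relies on the glance checksum field being the MD5 digest of the image data.

```bash
#!/bin/bash
# Added example: check an uploaded image against the local file it came from.

# table_field NAME: read a "| Property | Value |" table on stdin, print the value of row NAME.
table_field() {
    awk -F'|' -v name="$1" '
        NF >= 4 {
            k = $2; v = $3
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == name) { print v; found = 1; exit }
        }
        END { exit !found }'
}

# verify_upload FILE: table on stdin; 0 = match, 1 = mismatch, 2 = table or file unusable.
verify_upload() {
    local file=$1 table want_sum want_size have_sum have_size
    table=$(cat)
    want_sum=$(printf '%s\n' "$table" | table_field checksum) || { echo "no checksum row" >&2; return 2; }
    want_size=$(printf '%s\n' "$table" | table_field size) || { echo "no size row" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    have_sum=$(md5sum "$file" | awk '{print $1}')
    have_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$have_size" != "$want_size" ]; then
        echo "MISMATCH size: local=$have_size glance=$want_size"; return 1
    fi
    if [ "$have_sum" != "$want_sum" ]; then
        echo "MISMATCH checksum: local=$have_sum glance=$want_sum"; return 1
    fi
    echo "OK $file matches glance (size $want_size, md5 $want_sum)"
}

# Constructed demo: a 6-byte file and a table carrying its real MD5 and size.
demo() {
    local f; f=$(mktemp); printf 'hello\n' > "$f"
    printf '| checksum | %s |\n| size | 6 |\n' "$(md5sum "$f" | awk '{print $1}')" | verify_upload "$f"
}

# Usage on the controller, with the image ID and file from the upload above:
#   glance image-show 45456157-9b46-4e40-8ee3-fbb2e40f227b | verify_upload /root/centos6.4-mini_x64.qcow2
```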
