Deploying OpenStack Havana (Nova-Network edition) on CentOS 6.4
1 Basic environment overview
Test environment
CentOS6.4 x64
OpenStack services overview
Compute - Nova;
Networking and address management - Neutron;
Object storage - Swift;
Block storage - Cinder;
Identity - keystone;
Image - Glance;
UI (Dashboard) - Horizon;
Metering - Ceilometer;
Orchestration - Heat;
Host allocation:
Hostname    IP (static)      OS           Role
openstack   192.168.0.210    CentOS x64   Management node / compute node
node01      192.168.0.212    CentOS x64   Compute node
2 Management node installation (openstack)
First update the system (otherwise yum reports an SSL error):
yum update
reboot
2.1 Import the third-party package repositories
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-7.noarch.rpm
2.2 Configure the /etc/hosts file
vi /etc/hosts
192.168.0.211 openstack
192.168.0.212 node01
2.3 Configure networking
2.4 Disable SELinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0
2.5 Edit the /etc/sysctl.conf parameters
vi /etc/sysctl.conf
Set:
net.ipv4.ip_forward = 1
sysctl -p
2.6 Install the NTP service
yum -y install ntp
service ntpd start
chkconfig ntpd on
2.7 Install the MySQL service
yum -y install mysql mysql-server MySQL-python
vi /etc/my.cnf
Add the following after [mysqld]:
bind-address = 0.0.0.0
Start mysqld and enable it at boot
service mysqld start
chkconfig mysqld on
Set the MySQL password to jicki
mysqladmin -uroot password 'jicki'; history -c
2.8 Install the qpid service
yum -y install qpid-cpp-server memcached
Edit the /etc/qpidd.conf configuration file and set auth to no
vi /etc/qpidd.conf
auth=no
Start qpidd and enable it at boot
service qpidd start
chkconfig qpidd on
Install the OpenStack utilities package
yum -y install openstack-utils
2.9 Install and configure Keystone
Install the Keystone service
yum -y install openstack-keystone
Create the keystone database and update the database connection in the configuration file
openstack-db --init --service keystone
Update the database connection in the configuration file (the account and password are both keystone, as created above)
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
Use openssl to generate a random token and store it in the configuration file
export SERVICE_TOKEN=$(openssl rand -hex 10)
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
mkdir /root/config   # create a configuration directory for recording some keys
echo $SERVICE_TOKEN > /root/config/ks_admin_token.txt
cat /root/config/ks_admin_token.txt
35fbb7e5601644a1f37f
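Save the generated SERVICE_TOKEN value to a file for later use; every SERVICE_TOKEN value used below is read from ks_admin_token.txt. Once the value has been written to the file, do not run the command again to generate a new SERVICE_TOKEN, otherwise the earlier and later values will not match and debugging becomes harder.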
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
By default keystone uses PKI tokens. Create the signing keys and certificates
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
Start the keystone service and enable it at boot
service openstack-keystone start
chkconfig openstack-keystone on
2.10 Define Users, Tenants and Roles
Edit the .bash_profile file and add the following variables
vi /root/.bash_profile
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=jicki
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
export SERVICE_TOKEN=35fbb7e5601644a1f37f
Apply the variables immediately
source .bash_profile
Create a tenant for the administrator user and a tenant for the users of the other OpenStack services
keystone tenant-create --name=admin --description='Admin Tenant'
keystone tenant-create --name=service --description='Service Tenant'
Create an administrator user, admin
keystone user-create --name=admin --pass=jicki --email=keystone@localhost
Create an administrator role, admin
keystone role-create --name=admin
Add the role to the user
keystone user-role-add --user=admin --tenant=admin --role=admin
2.11 Define Services and API Endpoints
Create a service for Keystone
keystone service-create --name=keystone --type=identity --description="KeystoneIdentity Service"
Create an endpoint using the service ID
vi /root/config/keystone.sh
#!/bin/bash
my_ip=192.168.0.211
service=$(keystone service-list | awk '/keystone/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:5000/v2.0 --internalurl=http://$my_ip:5000/v2.0 --adminurl=http://$my_ip:35357/v2.0
sh /root/config/keystone.sh
2.12 Install and configure Glance
yum -y install openstack-glance
Create the Glance database
openstack-db --init --service glance
Update the database connection in the configuration files
openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance
openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance
2.13 Create the User, define Services and API Endpoints
Create a glance user for the Glance service
keystone user-create --name=glance --pass=service --email=glance@localhost
keystone user-role-add --user=glance --tenant=service --role=admin
Create a service for glance
keystone service-create --name=glance --type=image --description="Glance ImageService"
Create an endpoint using the service ID
vi /root/config/glance.sh
#!/bin/bash
my_ip=192.168.0.211
service=$(keystone service-list | awk '/glance/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:9292 --internalurl=http://$my_ip:9292 --adminurl=http://$my_ip:9292
sh /root/config/glance.sh
Configure the Glance service
Add the keystone authentication settings to the glance configuration files
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password service
Set the ini file paths and add the keystone authentication settings to the ini files
openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
chown -R root:glance /etc/glance/glance-api-paste.ini
chown -R root:glance /etc/glance/glance-registry-paste.ini
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password service
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password service
Change the image storage path (images are stored under /var/lib/glance by default; skip this step if no change is needed)
openstack-config --set /etc/glance/glance-api.conf DEFAULT filesystem_store_datadir /opt/openstack/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf DEFAULT scrubber_datadir /opt/openstack/lib/glance/scrubber
openstack-config --set /etc/glance/glance-api.conf DEFAULT image_cache_dir /opt/openstack/lib/glance/image-cache/
mkdir -p /opt/openstack/lib
cp -r /var/lib/glance/ /opt/openstack/lib/
chown -R glance:glance /opt/openstack/lib/glance/
Start the glance services and enable them at boot
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
2.14 Test Glance
glance image-create --name=centos6.6 --disk-format=qcow2 --container-format=ovf --is-public=true < /root/CentOS-6.6-x86_64-minimal.iso
List the images
glance image-list
+--------------------------------------+-----------+-------------+------------------+-----------+--------+
| ID                                   | Name      | Disk Format | Container Format | Size      | Status |
+--------------------------------------+-----------+-------------+------------------+-----------+--------+
| d2058235-b68a-4eb7-a425-38c851f21f00 | centos6.6 | qcow2       | ovf              | 401604608 | active |
+--------------------------------------+-----------+-------------+------------------+-----------+--------+
2.15 Install and configure Nova
yum -y install openstack-nova
Create the nova database
openstack-db --init --service nova
Create the User, define Services and API Endpoints
vi /root/config/nova-user.sh
#!/bin/sh
my_ip=192.168.0.210
keystone user-create --name=nova --pass=service --email=nova@localhost
keystone user-role-add --user=nova --tenant=service --role=admin
keystone service-create --name=nova --type=compute --description="Nova Compute Service"
service=$(keystone service-list | awk '/nova/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:8774/v2/%\(tenant_id\)s --internalurl=http://$my_ip:8774/v2/%\(tenant_id\)s --adminurl=http://$my_ip:8774/v2/%\(tenant_id\)s
sh /root/config/nova-user.sh
Configure the nova service
Edit the /etc/nova/nova.conf configuration file
------------------------------------------------------------------------------
[DEFAULT]
my_ip = 192.168.0.210
auth_strategy = keystone
state_path = /opt/openstack/lib/nova
verbose=True
allow_resize_to_same_host = true
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = 192.168.0.210
libvirt_type = kvm
glance_api_servers = 192.168.0.210:9292
novncproxy_base_url = http://192.168.0.210:6080/vnc_auto.html
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
vnc_enabled = true
vnc_keymap = en-us
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.firewall.NoopFirewallDriver
multi_host = True
flat_interface = eth1
flat_network_bridge = br1
public_interface = eth0
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
notification_driver = nova.openstack.common.notifier.rpc_notifier
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
[hyperv]
[zookeeper]
[osapi_v3]
[conductor]
[keymgr]
[cells]
[database]
[image_file_url]
[baremetal]
[rpc_notifier2]
[matchmaker_redis]
[ssl]
[trusted_computing]
[upgrade_levels]
[matchmaker_ring]
[vmware]
[spice]
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
---------------------------------------------------------------------------------
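Because the configuration above changes where instances are stored, the following steps are also needed
Move the instances path and set the directory ownership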
cp -r /var/lib/nova/ /opt/openstack/lib/
chown -R nova:nova /opt/openstack/lib/nova/
Configure the libvirtd service and remove virbr0
Start the libvirt service
service libvirtd start
Check net-list; the default network is listed
virsh net-list
Remove default, i.e. virbr0
virsh net-destroy default
virsh net-undefine default
Restart the libvirtd service and enable it at boot
service libvirtd restart
chkconfig libvirtd on
Start the services nova relies on and enable them at boot
service messagebus start
chkconfig messagebus on
Start the nova services, using nova-network for networking
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
service openstack-nova-compute start
service openstack-nova-network start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
chkconfig openstack-nova-compute on
chkconfig openstack-nova-network on
Test nova
Create a network
nova network-create vmnet --fixed-range-v4=10.1.1.0/24 --bridge-interface=br1 --multi-host=T
nova network-list
+--------------------------------------+-------+-------------+
| ID                                   | Label | Cidr        |
+--------------------------------------+-------+-------------+
| 440a5c95-9882-4e79-9d75-e5ce7ff27799 | vmnet | 10.1.1.0/24 |
+--------------------------------------+-------+-------------+
nova-manage network list
Configure the security group
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
List the images
nova image-list
+--------------------------------------+-----------+--------+--------+
| ID                                   | Name      | Status | Server |
+--------------------------------------+-----------+--------+--------+
| d2058235-b68a-4eb7-a425-38c851f21f00 | centos6.6 | ACTIVE |        |
+--------------------------------------+-----------+--------+--------+
Create a virtual machine instance
nova boot --flavor 1 --image centos6.6 vm01
Check the running state of the instance
nova list
+--------------------------------------+------+--------+------------+-------------+----------------+
| ID                                   | Name | Status | Task State | Power State | Networks       |
+--------------------------------------+------+--------+------------+-------------+----------------+
| 32a62826-ff62-48cb-a273-fb1091049f14 | vm01 | ACTIVE | -          | Running     | vmnet=10.1.1.2 |
+--------------------------------------+------+--------+------------+-------------+----------------+
Delete an instance
nova delete 3713704f-2628-49ec-8731-d683f25bef3e
Test connectivity to the instance
ping 10.1.1.2
2.16 Install and configure Horizon
yum -y install openstack-dashboard
Edit the local_settings file and change DEBUG = False to DEBUG = True
vi /etc/openstack-dashboard/local_settings
DEBUG = True
Edit the httpd.conf file and change #ServerName www.example.com:80 to ServerName 192.168.0.211:80
vi /etc/httpd/conf/httpd.conf
#ServerName www.example.com:80
ServerName 192.168.0.211:80
Edit the local_settings.py file and change "Member" to "admin"
vi /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin"
Start the httpd service and enable it at boot
service httpd start
chkconfig httpd on
Restart the nova-api service
service openstack-nova-api restart
Add the firewall rules
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 5900:6000 -j ACCEPT
iptables -I INPUT -p tcp --dport 6080 -j ACCEPT
service iptables save
Horizon is now installed. Open http://192.168.0.210/dashboard to reach the OpenStack web interface.
Username: admin
Password:
Add a new project
Create a tenant for the operator user
keystone tenant-create --name=manager --description='Manager Tenant'
Create the operator user
keystone user-create --name=manager --pass=jicki --email=manager@localhost
Create a management role, manager
keystone role-create --name=manager
Add the nova role to the user
keystone user-role-add --user=nova --tenant=service --role=manager
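The steps above relax four defaults for this lab build: SELinux disabled (2.4), MySQL bound to 0.0.0.0 (2.7), qpid auth=no (2.8) and Horizon DEBUG = True (2.16). The script below is an added example, not part of the original post, that reports which of those settings are still present on a host; the function names, the ROOT prefix argument and the constructed sample tree are assumptions of the example.

```bash
#!/bin/bash
# Added example: flag the relaxed settings this walkthrough applies.
# The ROOT prefix, function names and messages are assumptions of this sketch.

# ini_value FILE KEY -> value of the last uncommented "KEY = value" line
ini_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\([^#;]*\).*/\1/p" "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# check ROOT FILE KEY WEAK_VALUE NOTE -> prints a WEAK line on a match
check() {
    val=$(ini_value "$1$2" "$3")
    if [ "$val" = "$4" ]; then
        echo "WEAK $2: $3=$val ($5)"
    fi
}

# audit_root ROOT -> one WEAK line per relaxed setting found under ROOT
# ROOT is "" for the live host, or a directory holding copies of the files.
audit_root() {
    check "$1" /etc/selinux/config SELINUX disabled "2.4: no policy enforced"
    check "$1" /etc/my.cnf bind-address 0.0.0.0 "2.7: MySQL on all interfaces"
    check "$1" /etc/qpidd.conf auth no "2.8: broker takes unauthenticated clients"
    check "$1" /etc/openstack-dashboard/local_settings DEBUG True \
        "2.16: Django debug pages exposed"
}

# make_sample -> path of a constructed tree with the values the guide sets
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/selinux" "$d/etc/openstack-dashboard"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$d/etc/my.cnf"
    printf '# lab broker\nauth=no\n' > "$d/etc/qpidd.conf"
    printf 'DEBUG = True\n' > "$d/etc/openstack-dashboard/local_settings"
    echo "$d"
}

sample=$(make_sample)
audit_root "$sample"     # dry run against the constructed tree
rm -rf "$sample"
```

On a deployed node, call `audit_root ""` as root to read the live files.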