Redhat上可以很快的使用All-in-one的方式安装openstack,先安装packstack,然后通过packstack --allinone这条命令
就可以一步安装openstack,最后设置IP和网桥,就可以完成安装,但是在ubuntu却无法通过一步就实现openstack的安装,
需要一步一步安装,而且网上现有的资料都是在多台机器上分别安装openstack的各个节点(compute,controller,network
等),一般至少两台虚拟机或着物理机,今天介绍如何在一台ubuntu虚拟机上实现openstack-juno的安装,并启动一个
cirros镜像的虚拟机实例。
当初我觉着可以在redhat上实现单机安装openstack并启动虚拟机实例,就一定可以在ubuntu上实现单机安装部署
openstack,一个原因是不想多台机器之间折腾,机器越少,操作起来越方便,不用来回切换,另一个就是自己有点强迫症,
非要这么折腾一下,结果折腾了好久,终于算是折腾出来了,思路也越来越清晰。
这里总结一下openstack安装的经验。其实主要的问题还是集中在网络设置上,各个模块的安装只要网络正常,基本
没什么问题,很快就可以安装,工作量集中在配置文件的修改上,nova和neutron的配置有一些是交织的,先配置nova,等
到neutron安装了,还要返回来再次修改nova和增加配置,另外在neutron的配置文件中还要加上nova的相关配置,最后就
是网络的配置,网桥的设置。
这里介绍的安装其实不是完整的安装,主要是安装到neutron,然后安装dashboard,可以通过网页界面来操作主机设置,
后面的模块如cinder(块存储),swift(对象存储)都没有安装。
安装步骤如下:
第一步、准备ubuntu虚拟机,添加openstack-juno相关的源;
虚拟机设置:4G内存,20G硬盘,处理器选择支持虚拟化,ip:192.168.61.122,hostname:openstack
apt-get install python-software-properties add-apt-repository cloud-archive:juno apt-get update
第二步、安装消息服务rabbitmq,数据库mysql并启动;
apt-get install rabbitmq-server -y apt-get install mysql-server python-mysqldb -y
安装mysql时会提示输入用户名密码,这里输入root:root
修改mysql配置文件,vi /etc/mysql/my.cnf
bind-address 192.168.61.122 [mysqld] default-storage-engine=innodb innodb_file_per_table collation-server=utf8_general_ci init-connect='SET NAMES utf8' character-set-server=utf8修改完成之后重启服务
service mysql restart
修改配置及重启服务截图:
第三步、安装认证服务keystone,并配置和启动服务,新建用户,租户,角色;
先创建keystone数据库,并且授权用户keystone:keystone
再安装keystone服务
apt-get install keystone python-keystoneclient -y
这里我们先使用openssl命令产生一个随机的字符串作为token,这个字符串将在多个地方配置,主要在keystone.conf配置
文件中配置,以后都通用。
openssl rand -hex 10
//我的机器随机生成的是如下的字符串
b9e8218bd6a146ce0741
安装完成之后就是配置/etc/keystone/keystone.conf,默认keystone,glance,nova等组件,都有一个sqlite的数据库保存元数据,
我们这里改为使用我们的mysql作为元数据数据库,只需修改几个设置。
vi /etc/keystone/keystone.conf [default] token=b9e8218bd6a146ce0741 verbose=true [database] connection=mysql://keystone:openstack@openstack/keystone [token] provider=keystone.token.providers.uuid.Provider # Token persistence backend driver. (string value) driver=keystone.token.persistence.backends.sql.Token
接着就可以同步数据,和重启keystone服务,并且设置环境变量OS_SERVICE_TOKEN和OS_SERVICE_ENDPOINT。
root@openstack:~# su -s /bin/sh -c "keystone-manage db_sync" keystone root@openstack:~# service keystone restart keystone stop/waiting keystone start/running, process 20270 root@openstack:~# ls b9e8218bd6a146ce0741 root@openstack:~# export OS_SERVICE_TOKEN=b9e8218bd6a146ce0741 root@openstack:~# export OS_SERVICE_ENDPOINT=http://openstack:35357/v2.0
下面可以进行创建租户,用户,角色,并赋予用户角色,我们创建两个角色一个管理员和一个普通用户。
root@openstack:~# export OS_SERVICE_TOKEN=b9e8218bd6a146ce0741 root@openstack:~# export OS_SERVICE_ENDPOINT=http://openstack:35357/v2.0 root@openstack:~# keystone tenant-create --name admin --description "Admin Tenant" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Admin Tenant | | enabled | True | | id | 23a84fb4bf9f4078a54adc63627ea224 | | name | admin | +-------------+----------------------------------+ root@openstack:~# keystone user-create --name admin --pass admin --email [email protected] +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | [email protected] | | enabled | True | | id | bcf9266786734e3382a0e38d582386fe | | name | admin | | username | admin | +----------+----------------------------------+ root@openstack:~# keystone role-create --name admin +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | f3f75ddd049d404f8540faece025e9eb | | name | admin | +----------+----------------------------------+ root@openstack:~# keystone user-role-add --user admin --tenant admin --role admin
赋予用户角色和指定租户是没有输出的。
接着我们创建普通成员用户和角色并赋予角色
root@openstack:~# keystone role-create --name _member_ +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 6e33c1dcfb124022b11fea125fe996f9 | | name | _member_ | +----------+----------------------------------+ root@openstack:~# keystone tenant-create --name hadoop --description "Hadoop Tenant" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Hadoop Tenant | | enabled | True | | id | 668a527fd9384b639447deaca1cf2c48 | | name | hadoop | +-------------+----------------------------------+ root@openstack:~# keystone user-create --name hadoop --pass hadoop --email [email protected] +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | [email protected] | | enabled | True | | id | 4e3ccc059d754c6a94e9a82d187bff8d | | name | hadoop | | username | hadoop | +----------+----------------------------------+ root@openstack:~# keystone user-role-add --tenant hadoop --user hadoop --role _member_
我们再创建第三个租户service,这个租户给后面的glance,nova,neutron等使用,前面的普通租户hadoop是给普通用户登
录使用。
root@openstack:~# keystone tenant-create --name service --description "Service Tenant" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Service Tenant | | enabled | True | | id | a4363a87992a4be7aba64be211338b5c | | name | service | +-------------+----------------------------------+
最后我们需要创建keystone对外的服务endpoint。
root@openstack:~# keystone service-create --name keystone --type identity --description "Openstack Identity" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Openstack Identity | | enabled | True | | id | 23d80b5a4b3c45debc4c96d229c55e08 | | name | keystone | | type | identity | +-------------+----------------------------------+ root@openstack:~# keystone endpoint-create --service-id 23d80b5a4b3c45debc4c96d229c55e08 \ > --publicurl http://openstack:5000/v2.0 \ > --internalurl http://openstack:5000/v2.0 \ > --adminurl http://openstack:35357/v2.0 \ > --region regionOne +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | adminurl | http://openstack:35357/v2.0 | | id | 0b0b6785c5e44d989e4f007a8bb56571 | | internalurl | http://openstack:5000/v2.0 | | publicurl | http://openstack:5000/v2.0 | | region | regionOne | | service_id | 23d80b5a4b3c45debc4c96d229c55e08 | +-------------+----------------------------------+ root@openstack:~#这里千万不要直接复制粘贴命令,endpoint 的service-id需要指定在前一个命令中生成的service的id。
这样我们的keystone算是安装和配置完成,思路大概是先安装组件(或着创建数据库,授权数据库用户),然后配置
组件数据库连接,token等信息,接着同步数据,然后创建相关的服务。后面的glance,nova,neutron等安装都是这个
思路。
验证keystone命令生成的数据:
刚才我们使用keystone命令生成的用户,服务等都是在环境变量OS_SERVICE_TOKEN=b9e8218bd6a146ce0741,
OS_SERVICE_ENDPOINT=http://openstack:35357/v2.0的情况下做的,现在我们去掉环境变量,做验证。
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
root@openstack:~# keystone service-list Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL] root@openstack:~# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://openstack:35357/v2.0 service-list +----------------------------------+----------+----------+--------------------+ | id | name | type | description | +----------------------------------+----------+----------+--------------------+ | 23d80b5a4b3c45debc4c96d229c55e08 | keystone | identity | Openstack Identity | +----------------------------------+----------+----------+--------------------+ root@openstack:~# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://openstack:35357/v2.0 token-get +-----------+----------------------------------+ | Property | Value | +-----------+----------------------------------+ | expires | 2017-02-19T17:53:40Z | | id | cd0471d0ac6f4d0abee8e9ee0e56c92a | | tenant_id | 23a84fb4bf9f4078a54adc63627ea224 | | user_id | bcf9266786734e3382a0e38d582386fe | +-----------+----------------------------------+ root@openstack:~# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://openstack:35357/v2.0 role-list +----------------------------------+----------+ | id | name | +----------------------------------+----------+ | 6e33c1dcfb124022b11fea125fe996f9 | _member_ | | f3f75ddd049d404f8540faece025e9eb | admin | +----------------------------------+----------+
这个结果和我们创建时是对应的,没有什么问题,接下来,我们可以安装配置镜像服务glance组件了。
第四步、安装镜像服务glance,并配置和启动服务,新建镜像;
创建glance数据库,并授权用户glance:glance
mysql> create database glance; Query OK, 1 row affected (0.00 sec) mysql> grant all privileges on glance.* to glance@'%' identified by 'glance'; Query OK, 0 rows affected (0.00 sec)
使用keystone创建glance相关用户和endpoint服务,这里给glance赋予角色和租户时就用到了keystone里面最后创建的一个租户service。
root@openstack:~# keystone user-create --name glance --pass glance --email [email protected] +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | [email protected] | | enabled | True | | id | afbd6f0428eb462099a8b20dd06f210d | | name | glance | | username | glance | +----------+----------------------------------+ root@openstack:~# keystone user-role-add --user glance --tenant service --role admin root@openstack:~# keystone service-create --name glance --type image --description "Openstack Image Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Openstack Image Service | | enabled | True | | id | e7131d900c8a46ef8053217e93759e98 | | name | glance | | type | image | +-------------+----------------------------------+ root@openstack:~# keystone endpoint-create --service-id e7131d900c8a46ef8053217e93759e98 --publicurl http://openstack:9292 --internalurl http://openstack:9292 --adminurl http://openstack:9292 --region regionOne +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | adminurl | http://openstack:9292 | | id | 46c182ce45dc498d9009caaa61a37a9d | | internalurl | http://openstack:9292 | | publicurl | http://openstack:9292 | | region | regionOne | | service_id | e7131d900c8a46ef8053217e93759e98 | +-------------+----------------------------------+
接下来,安装glance组件
apt-get install glance python-glanceclient -y
修改配置文件/etc/glance/glance-api.conf和/etc/glance/glance-registry.conf
root@openstack:~# vi /etc/glance/glance-api.conf [database] connection = mysql://glance:openstack@openstack/glance [keystone_authtoken] auth_uri=http://openstack:5000/v2.0 identity_uri = http://openstack:35357 admin_tenant_name = service admin_user = glance admin_password = glance [paste_deploy] flavor=keystone [glance-store] filesystem_store_datadir=/var/lib/glance/images
root@openstack:~# vi /etc/glance/glance-registry.conf [database] connection = mysql://glance:openstack@openstack/glance [keystone_authtoken] auth_uri=http://openstack:5000/v2.0 identity_uri = http://openstack:35357 admin_tenant_name = service admin_user = glance admin_password = glance [paste_deploy] flavor=keystone
然后同步数据,并且重启服务
root@openstack:~# su -s /bin/sh -c "glance-manage db_sync" glance /usr/lib/python2.7/dist-packages/sqlalchemy/engine/default.py:436: Warning: Invalid utf8 character string: '80027D' cursor.execute(statement, parameters) root@openstack:~# service glance-registry restart glance-registry stop/waiting glance-registry start/running, process 22752 root@openstack:~# service glance-api restart glance-api stop/waiting glance-api start/running, process 22771
为了创建镜像,我们先配置一个管理员的环境变量keystonerc_admin.sh
vi ~/keystonerc_admin.sh export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=admin export OS_AUTH_URL=http://192.168.61.122:35357/v2.0最后创建一个镜像,利用本地的cirros-0.3.3-x86_64.img。
root@openstack:~# source keystonerc_admin.sh root@openstack:~# glance image-list +----+------+-------------+------------------+------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +----+------+-------------+------------------+------+--------+ +----+------+-------------+------------------+------+--------+ root@openstack:~# ls b9e8218bd6a146ce0741 keystonerc_admin.sh set_env.sh root@openstack:~# glance image-create --name "cirros-0.3.3" --file /home/hadoop/cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress [=============================>] 100% +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | 133eae9fb1c98f45894a4e60d8736619 | | container_format | bare | | created_at | 2017-02-19T19:02:07 | | deleted | False | | deleted_at | None | | disk_format | qcow2 | | id | e90f1aed-58f9-427e-ba24-c440c3dbc04e | | is_public | True | | min_disk | 0 | | min_ram | 0 | | name | cirros-0.3.3 | | owner | 23a84fb4bf9f4078a54adc63627ea224 | | protected | False | | size | 13200896 | | status | active | | updated_at | 2017-02-19T19:02:09 | | virtual_size | None | +------------------+--------------------------------------+ root@openstack:~# glance image-list +--------------------------------------+--------------+-------------+------------------+----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+--------------+-------------+------------------+----------+--------+ | e90f1aed-58f9-427e-ba24-c440c3dbc04e | cirros-0.3.3 | qcow2 | bare | 13200896 | active | +--------------------------------------+--------------+-------------+------------------+----------+--------+ root@openstack:~#
第五步、安装计算服务nova,并配置和启动服务;
创建nova数据库,并且授权用户nova:nova
mysql> create database nova; Query OK, 1 row affected (0.00 sec) mysql> grant all privileges on nova.* to nova@'%' identified by 'nova'; Query OK, 0 rows affected (0.00 sec)
使用keystone命令创建nova组件相关的用户和服务
root@openstack:~# keystone user-create --name nova --pass nova --email [email protected] +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | [email protected] | | enabled | True | | id | 88bb5fda2beb402eb0a32437d5b22602 | | name | nova | | username | nova | +----------+----------------------------------+ root@openstack:~# keystone user-role-add --user nova --tenant service --role admin root@openstack:~# keystone service-create --name nova --type compute --description "Openstack Nova Compute" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Openstack Nova Compute | | enabled | True | | id | 15f88fd8b9b1439da7c8a4fb7649f422 | | name | nova | | type | compute | +-------------+----------------------------------+ root@openstack:~# keystone service-list | awk '/ compute / {print $2}' 15f88fd8b9b1439da7c8a4fb7649f422 root@openstack:~# keystone endpoint-create --service-id=15f88fd8b9b1439da7c8a4fb7649f422 \ > --publicurl http://openstack:8774/v2/%\(tenant_id\)s \ > --internalurl http://openstack:8774/v2/%\(tenant_id\)s \ > --adminurl http://openstack:8774/v2/%\(tenant_id\)s \ > --region regionOne +-------------+------------------------------------------+ | Property | Value | +-------------+------------------------------------------+ | adminurl | http://openstack:8774/v2.0/%(tenant_id)s | | id | c5e8f6ccda524fcf9f2fcf33e66490ab | | internalurl | http://openstack:8774/v2.0/%(tenant_id)s | | publicurl | http://openstack:8774/v2.0/%(tenant_id)s | | region | regionOne | | service_id | 15f88fd8b9b1439da7c8a4fb7649f422 | +-------------+------------------------------------------+
安装nova组件并配置/etc/nova/nova.conf文件
root@openstack:~# apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-scheduler noa-novncproxy python-novaclient Reading package lists... Done Building dependency tree Reading state information... Done
vi /etc/nova/nova.conf [default] verbose=True auth_strategy=keystone rpc_backend=rabbit rabbit_host=openstack rabbit_password=guest my_ip=192.168.61.122 vncserver_listener=192.168.61.122 vncserver_proxyclient_address=192.168.61.122 [database] connection=mysql://nova:nova@openstack/nova [keystone_authtoken] auth_uri=http://openstack:5000 identify_uri=http://openstack:35357 admin_tenant_name=service admin_user=nova admin_password=nova [glance] host=openstack
root@openstack:~# vi restartnova.sh #!/bin/sh service nova-api restart service nova-cert restart service nova-consoleauth restart service nova-scheduler restart service nova-conductor restart service nova-novncproxy restart root@openstack:~# chmod 777 restartnova.sh root@openstack:~# sh restartnova.sh
验证nova安装和启动
root@openstack:~# nova image-list +--------------------------------------+--------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+--------------+--------+--------+ | e90f1aed-58f9-427e-ba24-c440c3dbc04e | cirros-0.3.3 | ACTIVE | | +--------------------------------------+--------------+--------+--------+ root@openstack:~# nova service-list +----+------------------+-----------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+-----------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-cert | openstack | internal | enabled | up | 2017-02-19T21:07:53.000000 | - | | 2 | nova-consoleauth | openstack | internal | enabled | up | 2017-02-19T21:07:53.000000 | - | | 3 | nova-scheduler | openstack | internal | enabled | up | 2017-02-19T21:07:53.000000 | - | | 4 | nova-conductor | openstack | internal | enabled | up | 2017-02-19T21:07:53.000000 | - | +----+------------------+-----------+----------+---------+-------+----------------------------+-----------------+ root@openstack:~#
以上安装实际上并不是计算节点的安装,还需要安装nova计算组件
apt-get install nova-compute python-novaclient有的地方提示需要改动/etc/nova/nova-compute.conf
vi /etc/nova/nova-compute.conf [libvirt] virt_type=qemu root@openstack:~#service nova-compute restart
这样再次用命令nova service-list查看nova服务时,会出现五个,即加入了nova-compute,这样nova就算安装完成。
root@openstack:~# nova service-list +----+------------------+-----------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+-----------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-cert | openstack | internal | enabled | up | 2017-02-19T21:27:03.000000 | - | | 2 | nova-consoleauth | openstack | internal | enabled | up | 2017-02-19T21:27:03.000000 | - | | 3 | nova-scheduler | openstack | internal | enabled | up | 2017-02-19T21:27:03.000000 | - | | 4 | nova-conductor | openstack | internal | enabled | up | 2017-02-19T21:27:03.000000 | - | | 5 | nova-compute | openstack | nova | enabled | up | 2017-02-19T21:27:02.000000 | - | +----+------------------+-----------+----------+---------+-------+----------------------------+-----------------+
第六步、安装网络服务neutron,并配置和启动服务;
创建neutron数据库,并且授权用户neutron:neutron
mysql> create database neutron; Query OK, 1 row affected (0.00 sec) mysql> grant all privileges on neutron.* to neutron@'%' identified by 'neutron'; Query OK, 0 rows affected (0.00 sec)
使用keystone命令创建neutron组件相关的用户和服务
root@openstack:~# keystone user-create --name neutron --pass neutron --email [email protected] +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | [email protected] | | enabled | True | | id | 8e49b076e0ba4d33bfffcfbc0258ac1b | | name | neutron | | username | neutron | +----------+----------------------------------+ root@openstack:~# keystone user-role-add --user neutron --tenant service --role admin root@openstack:~# keystone service-create --name neutron --type network --description "Openstack \ > Network" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Openstack Network | | enabled | True | | id | a7b922511b9d49f9b04addc905fc598d | | name | neutron | | type | network | +-------------+----------------------------------+ root@openstack:~# keystone endpoint-create --service-id=a7b922511b9d49f9b04addc905fc598d \ > --publicurl http://openstack:9696 \ > --internalurl http://openstack:9696 \ > --adminurl http://openstack:9696 \ > --region regionOne +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | adminurl | http://openstack:9696 | | id | 2aa3d75f522340f59b0c74269f9e7e72 | | internalurl | http://openstack:9696 | | publicurl | http://openstack:9696 | | region | regionOne | | service_id | a7b922511b9d49f9b04addc905fc598d | +-------------+----------------------------------+
安装neutron组件并配置相关文件
apt-get install neutron-server neutron-plugin-ml2 python-neutronclient -y apt-get install neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent ipset -y
修改系统配置
vi /etc/sysctl.conf net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.rp_filter = 0 net.ipv4.ip_forward = 1 sysctl -p//生效
首先更改nova配置,增加neutron支持
vi /etc/nova/nova.conf [DEFAULT] dhcpbridge_flagfile=/etc/nova/nova.conf dhcpbridge=/usr/bin/nova-dhcpbridge logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova force_dhcp_release=True libvirt_use_virtio_for_bridges=True verbose=True ec2_private_dns_show_ip=True api_paste_config=/etc/nova/api-paste.ini enabled_apis=ec2,osapi_compute,metadata auth_strategy=keystone rpc_backend=rabbit rabbit_host=openstack rabbit_password=guest my_ip=192.168.61.122 vncserver_listen=192.168.61.122 vncserver_proxyclient_address=192.168.61.122 novncproxy_base_url=http://openstack:6080/vnc_auto.html service_neutron_metadata_proxy=true neutron_metadata_proxy_shared_secret=neutron network_api_class=nova.network.neutronv2.api.API security_group_api=neutron linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver=nova.virt.firewall.NoopFirewallDriver [database] connection=mysql://nova:nova@openstack/nova [keystone_authtoken] auth_uri=http://openstack:5000 identity_uri=http://openstack:35357 admin_tenant_name=service admin_user=nova admin_password=nova [glance] host=openstack [neutron] url=http://openstack:9696 auth_strategy=keystone admin_auth_url=http://openstack:35357/v2.0 admin_tenant_name=service admin_username=neutron admin_password=neutron
修改neutron主配置文件/etc/neutron/neutron.conf
vi /etc/neutron.conf [DEFAULT] verbose = True core_plugin = ml2 service_plugins =router auth_strategy = keystone allow_overlapping_ips = True notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes=True nova_url = http://openstack:8774/v2 nova_admin_auth_url=http://openstack:35357/v2.0 nova_region_name =regionOne nova_admin_username =nova nova_admin_tenant_id =a4363a87992a4be7aba64be211338b5c nova_admin_password =nova nova_admin_auth_url =http://openstack:35357/v2.0 rabbit_host=openstack rabbit_password=guest rpc_backend=rabbit [keystone_authtoken] auth_host = 192.168.61.122 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = neutron admin_password = neutron [database] connection = mysql://neutron:neutron@openstack/neutron
修改neutron插件配置,四个配置文件
vi /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = local,flat,vlan,gre,vxlan tenant_network_types = vlan mechanism_drivers = openvswitch,linuxbridge [ml2_type_vlan] network_vlan_ranges = physnet1:1000:2999 [securitygroup] enable_security_group = True enable_ipset = True firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver [ovs] local_ip=192.168.56.145 tenant_network_type=vlan integration_bridge=br-int network_vlan_ranges=physnet1:1000:2999 bridge_mappings=physnet1:br0
vi /etc/neutron/l3_agent.ini [DEFAULT] verbose=True interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver use_namespaces = True external_network_bridge = br0
vi /etc/neutron/dhcp_agent.ini [DEFAULT] verbose=True interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq use_namespaces = True
vi /etc/neutron/metadata_agent.ini [DEFAULT] verbose=True auth_url = http://openstack:5000/v2.0 auth_region = regionOne admin_tenant_name = service admin_user = neutron admin_password = neutron nova_metadata_ip = 192.168.56.145 metadata_proxy_shared_secret =neutron
更改完成之后,同步数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
然后依次启动nova,neutron相关服务
//nova restart service nova-api restart service nova-cert restart service nova-consoleauth restart service nova-scheduler restart service nova-conductor restart service nova-novncproxy restart service nova-compute restart //neutron restart service neutron-server restart service openvswitch-switch restart service neutron-plugin-openvswitch-agent restart service neutron-l3-agent restart service neutron-dhcp-agent restart service neutron-metadata-agent restart
检验服务
root@openstack:~# neutron ext-list +-----------------------+-----------------------------------------------+ | alias | name | +-----------------------+-----------------------------------------------+ | security-group | security-group | | l3_agent_scheduler | L3 Agent Scheduler | | ext-gw-mode | Neutron L3 Configurable external gateway mode | | binding | Port Binding | | provider | Provider Network | | agent | agent | | quotas | Quota management support | | dhcp_agent_scheduler | DHCP Agent Scheduler | | l3-ha | HA Router extension | | multi-provider | Multi Provider Network | | external-net | Neutron external network | | router | Neutron L3 Router | | allowed-address-pairs | Allowed Address Pairs | | extraroute | Neutron Extra Route | | extra_dhcp_opt | Neutron Extra DHCP opts | | dvr | Distributed Virtual Router | +-----------------------+-----------------------------------------------+ root@openstack:~# neutron agent-list +--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+ | b53c64f2-8e2a-4d46-96bf-405fc734dd79 | Metadata agent | openstack | :-) | True | neutron-metadata-agent | | cc225a4f-7586-433d-af05-54e1defa347a | DHCP agent | openstack | :-) | True | neutron-dhcp-agent | | f4d02fca-e70f-457b-81b0-3de9743fadfa | L3 agent | openstack | :-) | True | neutron-l3-agent | | fabeb6c4-2fb9-46dd-ac56-9b1ccd5b2933 | Open vSwitch agent | openstack | :-) | True | neutron-openvswitch-agent | +--------------------------------------+--------------------+-----------+-------+----------------+---------------------------+
这里还需要检验虚拟网桥设备。
如果这个界面没有出现br-int,br0的配置,需要手动添加网桥
ovs-vsctl add-br br0 //添加网桥 ovs-vsctl add-port br0 eth0 //为br0添加端口。
第七步、安装界面服务dashboard,并配置和启动服务;
利用如下命令可以安装openstack界面管理dashboard组件,针对ubuntu系统,会默认安装一套ubuntu的主题,不喜欢的
可以利用apt-get remove命令卸载该套主题。
apt-get install -y openstack-dashboard apache2 libapache2-mod-wsgi memcached python-memcache apt-get remove --purge openstack-dashboard-ubuntu-theme管理员和普通用户均可以登陆
登录之后,里面长这个样子
第八步、创建网络和创建虚拟机。
先创建公有网络,使用管理员权限(admin)
root@openstack:~# source keystonerc_admin.sh root@openstack:~# neutron net-create public-vlan --router:external=True Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | c3c63eab-2fcc-44fd-a4a4-0b46cba55377 | | name | public-vlan | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 1080 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | 23a84fb4bf9f4078a54adc63627ea224 | +---------------------------+--------------------------------------+ root@openstack:~# neutron subnet-create public-vlan --name public-subnet --allocation-pool start=192.168.61.200,end=192.168.61.230 --disable-dhcp --gateway 192.168.61.2 192.168.61.0/24 --dns-nameserver 192.168.61.2 Created a new subnet: +-------------------+------------------------------------------------------+ | Field | Value | +-------------------+------------------------------------------------------+ | allocation_pools | {"start": "192.168.61.200", "end": "192.168.61.230"} | | cidr | 192.168.61.0/24 | | dns_nameservers | 192.168.61.2 | | enable_dhcp | False | | gateway_ip | 192.168.61.2 | | host_routes | | | id | 24467a95-5c8f-4fbc-a133-8432b220c5c3 | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | public-subnet | | network_id | c3c63eab-2fcc-44fd-a4a4-0b46cba55377 | | tenant_id | 23a84fb4bf9f4078a54adc63627ea224 | +-------------------+------------------------------------------------------+再创建私有网络,使用hadoop用户,先配置一个hadoop用户的环境变量:
vi keystonerc_hadoop.sh export OS_TENANT_NAME=hadoop export OS_USERNAME=hadoop export OS_PASSWORD=hadoop export OS_AUTH_URL=http://192.168.61.122:35357/v2.0 source keystonerc_hadoop.sh然后利用hadoop用户创建用户私有网络,并添加路由器,设置路由器和网络联通。
hadoop@openstack:~$ neutron net-create hadoop-vlan Created a new network: +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | admin_state_up | True | | id | 6fa7187f-18cc-46b2-afaa-7636c5acacbd | | name | hadoop-vlan | | router:external | False | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | 668a527fd9384b639447deaca1cf2c48 | +-----------------+--------------------------------------+ hadoop@openstack:~$ neutron subnet-create hadoop-vlan --name hadoop-subnet --allocation-pool start=10.0.1.1,end=10.0.1.253 --disable-dhcp --gateway 10.0.1.254 10.0.1.0/24 --dns-nameserver 192.168.61.2 Created a new subnet: +-------------------+--------------------------------------------+ | Field | Value | +-------------------+--------------------------------------------+ | allocation_pools | {"start": "10.0.1.1", "end": "10.0.1.253"} | | cidr | 10.0.1.0/24 | | dns_nameservers | 192.168.61.2 | | enable_dhcp | False | | gateway_ip | 10.0.1.254 | | host_routes | | | id | 30b75ef9-4a57-45b2-9110-5a71188ccd2c | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | hadoop-subnet | | network_id | 6fa7187f-18cc-46b2-afaa-7636c5acacbd | | tenant_id | 668a527fd9384b639447deaca1cf2c48 | +-------------------+--------------------------------------------+ hadoop@openstack:~$ neutron router-create hadoop-router Created a new router: +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | admin_state_up | True | | external_gateway_info | | | id | 3de91186-f5ae-44e5-8602-a2dda86dae25 | | name | hadoop-router | | routes | | | status | ACTIVE | | tenant_id | 668a527fd9384b639447deaca1cf2c48 | +-----------------------+--------------------------------------+ hadoop@openstack:~$ neutron router-interface-add hadoop-router hadoop-subnet Added interface c48530e3-b317-4cf7-a0cd-1f6ffb79cc72 to router hadoop-router. hadoop@openstack:~$ neutron router-gateway-set hadoop-router public-vlan Set gateway for router hadoop-router
利用admin用户权限创建一个内存128M的虚拟机类型
root@openstack:~# nova flavor-create myos 6 128 1 1 +----+------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +----+------+-----------+------+-----------+------+-------+-------------+-----------+ | 6 | myos | 128 | 1 | 0 | | 1 | 1.0 | True | +----+------+-----------+------+-----------+------+-------+-------------+-----------+ root@openstack:~# nova flavor-list +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True | | 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | | 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | | 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | | 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True | | 6 | myos | 128 | 1 | 0 | | 1 | 1.0 | True | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
最后可以利用命令行创建虚拟机,创建虚拟机需要网络ID,镜像名称,可以先查询出来:
hadoop@openstack:~$ nova image-list +--------------------------------------+--------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+--------------+--------+--------+ | e90f1aed-58f9-427e-ba24-c440c3dbc04e | cirros-0.3.3 | ACTIVE | | +--------------------------------------+--------------+--------+--------+ hadoop@openstack:~$ nova net-list +--------------------------------------+-------------+------+ | ID | Label | CIDR | +--------------------------------------+-------------+------+ | 6fa7187f-18cc-46b2-afaa-7636c5acacbd | hadoop-vlan | None | | c3c63eab-2fcc-44fd-a4a4-0b46cba55377 | public-vlan | None | +--------------------------------------+-------------+------+ hadoop@openstack:~$ nova boot --flavor 6 --image cirros-0.3.3 --nic net-id=6fa7187f-18cc-46b2-afaa-7636c5acacbd cirros-hadoop +--------------------------------------+-----------------------------------------------------+ | Property | Value | +--------------------------------------+-----------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | - | | OS-SRV-USG:terminated_at | - | | accessIPv4 | | | accessIPv6 | | | adminPass | DCCc9MfyJWny | | config_drive | | | created | 2017-02-20T01:04:21Z | | flavor | myos (6) | | hostId | | | id | 10bffbbb-a02c-4ba1-8823-4819986a5785 | | image | cirros-0.3.3 (e90f1aed-58f9-427e-ba24-c440c3dbc04e) | | key_name | - | | metadata | {} | | name | cirros-hadoop | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | security_groups | default | | status | BUILD | | tenant_id | 668a527fd9384b639447deaca1cf2c48 | | updated | 2017-02-20T01:04:22Z | | user_id | 4e3ccc059d754c6a94e9a82d187bff8d | +--------------------------------------+-----------------------------------------------------+
总结:
openstack绝对是我遇到的最难安装和部署的服务,没有之一,首先他的概念就很多:keystone,glance,nova,neutron,cinder,
swift,horizon,还有基础服务rabbitmq,mysql,memcache,apache,再就是每一个模块又有很多概念,比如keystone中简单的就有
租户,用户,角色,不同的角色对应不同的操作权限,nova就更复杂了,包括计算,授权,网络,调度等服务,还和neutron
紧密结合。创建虚拟机实例时又有内网和公网,路由器等设置,还有镜像选择,创建了虚拟机,访问的时候还要设置安全组,
容许ping,ssh等功能,这些环环相扣,密不可分,其实难点还在于网络的设置,单机安装部署,毕竟不像多台机器controller节
点和compute节点还有network节点分的那么细致,各司其职,单机部署所有节点的功能都集中在一台机器,配置相对复杂,
但是按照多节点部署的思路,还是可以完成的。