网络环境

  服务器名           ip地址                      服务
essex-controller  10.193.17.102   keystone,glance,nova,ec2,rabbitmq,dashboard
essex-compute01   10.193.17.101                   nova
 
此文为本人装环境之间的一些经验,经验证,VNC还有问题,不过其实不影响效果,下一步研究方向是新的网络模块quantum
 
1 系统要求
ubuntu 12.04
apt-get update && apt-get upgrade -y 
并改好/etc/hosts
10.193.17.102   essex-controller
10.193.17.101   essex-compute01
 
2  apt-get install -y ntp
 
 
3 安装keystone与mysql
 
apt-get install keystone
rm /var/lib/keystone/keystone.db
 
apt-get install python-mysqldb mysql-server
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
 
 
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Hjkl1234';
GRANT ALL ON keystone.* TO 'keystone'@'essex-controller' IDENTIFIED BY 'Hjkl1234';
flush privileges;
 
修改/etc/keystone/keystone.conf一下两行,注释掉原来的
admin_token = Hjkl1234
connection = mysql://keystone:[email protected]/keystone
 
service keystone restart
 
keystone-manage db_sync
 
用keystone创建租户
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 tenant-create --name openstack --description "Default Tenant" --enabled true
 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Default Tenant                   |
| enabled     | True                             |
| id          | 6444a344abd14a32aaf3f9ba156ec162 |
| name        | openstack                        |
+-------------+----------------------------------+
 
创建租户下的用户
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 6444a344abd14a32aaf3f9ba156ec162 --name admin --pass Hjkl1234 --enabled true
 
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 214b9c6c9105410292c98402413e6afa                                                                                     |
| name     | admin                                                                                                                   |
| password | $6$rounds=40000$q3zWcK84rdE3Hvjt$GHeNO9ju27a5Pj5L9ArM0MaoVjVuGVdztDJ8JiCRH9EW61T2Dn2KbPe083Y2a7VCmoNYuPpOHAmrM9WFDu0yW1 |
| tenantId | 6444a344abd14a32aaf3f9ba156ec162                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
 
创建用户的角色(这里创建了两个用户admin和memberrole)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 role-create --name admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | 7714dad3d4e14c0c838c1b970572cc15 |
| name     | admin                            |
+----------+----------------------------------+
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 role-create --name memberRole
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | d0670b34e2084649904e7cfd70508ae4 |
| name     | memberRole                       |
+----------+----------------------------------+
 
 
给admin用户赋admin角色 租户是openstack(这条命令打完应该没有任何输出)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 214b9c6c9105410292c98402413e6afa --tenant_id 6444a344abd14a32aaf3f9ba156ec162 --role 7714dad3d4e14c0c838c1b970572cc15
 
接下来开始添加服务
 
1. 建一个服务的租户,这个租户包含所有的服务
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 tenant-create --name service --description "Service Tenant" --enabled true
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | 734a587e7c4e48a0ab4c28fb9c47682f |
| name        | service                          |
+-------------+----------------------------------+
 
2. 创建glance服务
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name glance --pass glance --enabled true
 
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 40500ca6834740519b70dc0eeae2b364                                                                                       |
| name     | glance                                                                                                                  |
| password | $6$rounds=40000$/Yepnc3hY7Cn.TmA$OlJegXoxUHyRn9aHDyFOCnD9CcTUS6QSTRwDQ3I9XZ937T7.1vjGwMg4ydt3S7e/2d8nayJek/j9ot/kACUsI/ |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
 
给glance用户赋admin角色 租户是service(这条命令打完应该没有任何输出)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 40500ca6834740519b70dc0eeae2b364 --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
 
3. 创建nova服务
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name nova --pass nova --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 15632b7a83f64ac7b51d23d1e5bbff63                                                                                        |
| name     | nova                                                                                                                    |
| password | $6$rounds=40000$VQBd7WcHjy68cYqS$Jxyq6GrQAOJdD2Tfn7ImXg13ZZ.YmMsDLITqf6/fK2Zyv75womwo75.YFRdhcR6xdVd7WdQY1HaPJFqz9WjzI0 |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
给nova用户赋admin角色 租户是service(这条命令打完应该没有任何输出)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 15632b7a83f64ac7b51d23d1e5bbff63 --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
 
4.创建EC2服务
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name ec2 --pass ec2 --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 48eebb4b138b4a60a75113c5ff4fad9a                                                                                        |
| name     | ec2                                                                                                                     |
| password | $6$rounds=40000$kmgkePa4iIfYk/tX$SA1sLHlorxRs2N36RqJYpFW5NyOfQmN09NFymDwloXZEZo0eAiQxzbVOvcrVbjln5/fP8PUh4v2QkXgPlUnxp/ |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
给ec2用户赋admin角色 租户是service(这条命令打完应该没有任何输出)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 48eebb4b138b4a60a75113c5ff4fad9a --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
 
5创建swift服务(我的环境没有存储所以用不到)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name swift --pass swift --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | b76183b5e8bf4303a33e8995418f870c                                                                                        |
| name     | swift                                                                                                                   |
| password | $6$rounds=40000$ePVnxZYqUhrVPZFX$b7tVj2ZQwE6K5wBdfoEKk9uIAWEYWA79FMSLj2yO1s0veU2Zf2g9v7zlp9mdbGLkrEhuYQnfPfMV17RT2d76A1 |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
给swift用户赋admin角色 租户是service(这条命令打完应该没有任何输出)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user b76183b5e8bf4303a33e8995418f870c --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
 
 
 
建立keystone的服务和服务端
 
1.定义identity service
 keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 service-create \
 --name=keystone \
 --type=identity \
 --description="Keystone Identity Service"
 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | e1db6408b82748a9ab191f6357776651 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
 
 keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 endpoint-create \
 --region RegionOne \
 --service_id=e1db6408b82748a9ab191f6357776651 \
 --publicurl=http://10.193.17.102:5000/v2.0 \
 --internalurl=http://10.193.17.102:5000/v2.0 \
 --adminurl=http://10.193.17.102:35357/v2.0
 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| adminurl    | http://10.193.17.102:35357/v2.0  |
| id          | 5bae7d5e9df44a9b8737e1940e8303d1 |
| internalurl | http://10.193.17.102:5000/v2.0   |
| publicurl   | http://10.193.17.102:5000/v2.0   |
| region      | RegionOne                        |
| service_id  | e1db6408b82748a9ab191f6357776651 |
+-------------+----------------------------------+
 
2.定义compute service
 keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
 --name=nova \
 --type=compute \
 --description="Nova Compute Service"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Nova Compute Service             |
| id          | a0d5524cb6f042f4ad4c899a11895125 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
 
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
 --region RegionOne \
 --service_id=a0d5524cb6f042f4ad4c899a11895125 \
 --publicurl='http://10.193.17.102:8774/v2/%(tenant_id)s' \
 --internalurl='http://10.193.17.102:8774/v2/%(tenant_id)s' \
 --adminurl='http://10.193.17.102:8774/v2/%(tenant_id)s'
 
+-------------+--------------------------------------------+
|   Property  |                   Value                    |
+-------------+--------------------------------------------+
| adminurl    | http://10.193.17.102:8774/v2/%(tenant_id)s |
| id          | 7ef213eab7094223a56c9a65fb12b76a           |
| internalurl | http://10.193.17.102:8774/v2/%(tenant_id)s |
| publicurl   | http://10.193.17.102:8774/v2/%(tenant_id)s |
| region      | RegionOne                                  |
| service_id  | a0d5524cb6f042f4ad4c899a11895125           |
+-------------+--------------------------------------------+
 
3.定义Volume service
keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
 --name=volume \
 --type=volume \
 --description="Nova Volume Service"
 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Nova Volume Service              |
| id          | e081ff3318fb423cb9590204f3d9737a |
| name        | volume                           |
| type        | volume                           |
+-------------+----------------------------------+
 
TENANT=734a587e7c4e48a0ab4c28fb9c47682f
 keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 endpoint-create \
 --region RegionOne \
 --service_id=e081ff3318fb423cb9590204f3d9737a \
 --publicurl='http://10.193.17.102:8776/v1/%(tenant_id)s' \
 --internalurl='http://10.193.17.102:8776/v1/%(tenant_id)s' \
 --adminurl='http://10.193.17.102:8776/v1/%(tenant_id)s' 
 
+-------------+--------------------------------------------+
|   Property  |                   Value                    |
+-------------+--------------------------------------------+
| adminurl    | http://10.193.17.102:8776/v1/%(tenant_id)s |
| id          | 059b03b6c36d46919f08d6f86c9c820c           |
| internalurl | http://10.193.17.102:8776/v1/%(tenant_id)s |
| publicurl   | http://10.193.17.102:8776/v1/%(tenant_id)s |
| region      | RegionOne                                  |
| service_id  | e081ff3318fb423cb9590204f3d9737a           |
+-------------+--------------------------------------------+
 
4.定义Image service
 keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 service-create \
 --name=glance \
 --type=p_w_picpath \
 --description="Glance Image Service"
 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Glance Image Service             |
| id          | a00c651854dc4bf39471f905e90e0648 |
| name        | glance                           |
| type        | p_w_picpath                            |
+-------------+----------------------------------+
 
 
keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 endpoint-create \
 --region RegionOne \
 --service_id=a00c651854dc4bf39471f905e90e0648 \
 --publicurl=http://10.193.17.102:9292/v1 \
 --internalurl=http://10.193.17.102:9292/v1 \
 --adminurl=http://10.193.17.102:9292/v1
 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| adminurl    | http://10.193.17.102:9292/v1     |
| id          | 8484aa912b5d46fe81a359c7abef9b12 |
| internalurl | http://10.193.17.102:9292/v1     |
| publicurl   | http://10.193.17.102:9292/v1     |
| region      | RegionOne                        |
| service_id  | a00c651854dc4bf39471f905e90e0648 |
+-------------+----------------------------------+
 
 
5.定义EC2 service
keystone  --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 service-create \
 --name=ec2 \
 --type=ec2 \
 --description="EC2 Compatibility Layer"
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | EC2 Compatibility Layer          |
| id          | 2bf39cecd53749aab495dc188cac81bf |
| name        | ec2                              |
| type        | ec2                              |
+-------------+----------------------------------+
 
 keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 endpoint-create \
 --region RegionOne \
 --service_id=2bf39cecd53749aab495dc188cac81bf \
 --publicurl=http://10.193.17.102:8773/services/Cloud \
 --internalurl=http://10.193.17.102:8773/services/Cloud \
 --adminurl=http://10.193.17.102:8773/services/Admin
 
+-------------+------------------------------------------+
|   Property  |                  Value                   |
+-------------+------------------------------------------+
| adminurl    | http://10.193.17.102:8773/services/Admin |
| id          | 26ffe3549d504af3bbd8cba090659402         |
| internalurl | http://10.193.17.102:8773/services/Cloud |
| publicurl   | http://10.193.17.102:8773/services/Cloud |
| region      | RegionOne                                |
| service_id  | 2bf39cecd53749aab495dc188cac81bf         |
+-------------+------------------------------------------+
 
6 定义swift service(这里没有环境不一定要做)
keystone  --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 service-create \
 --name=swift \
 --type=object-store \
 --description="Object Storage Service"
 
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Object Storage Service           |
| id          | 42a7e3d582a84fffbbcb833eb756baa1 |
| name        | swift                            |
| type        | object-store                     |
+-------------+----------------------------------+
 
keystone --token Hjkl1234 \
 --endpoint http://10.193.17.102:35357/v2.0/ \
 endpoint-create \
 --region RegionOne \
 --service_id=42a7e3d582a84fffbbcb833eb756baa1 \
 --publicurl='http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s' \
 --adminurl='http://127.0.0.1:8080/' \
 --internalurl='http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s'
 
+-------------+---------------------------------------------+
|   Property  |                    Value                    |
+-------------+---------------------------------------------+
| adminurl    | http://127.0.0.1:8080/                      |
| id          | 51445ceebe7c4bdba1ed31036c4112b1            |
| internalurl | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| publicurl   | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| region      | RegionOne                                   |
| service_id  | 42a7e3d582a84fffbbcb833eb756baa1            |
+-------------+---------------------------------------------+
 
 
验证keystone服务
sudo apt-get install curl openssl
命令格式:curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
 
这里的命令是
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "admin", "password": "Hjkl1234"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
显示结果
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   352    0   244  100   108   1920    850 --:--:-- --:--:-- --:--:--  2000
{
    "access": {
        "serviceCatalog": {}, 
        "token": {
            "expires": "2012-05-05T05:39:12Z", 
            "id": "56aa4c0660274d7eb496b3de7c0eaa7d"
        }, 
        "user": {
            "id": "214b9c6c9105410292c98402413e6afa", 
            "name": "admin", 
            "roles": [], 
            "roles_links": [], 
            "username": "admin"
        }
    }
}
这样应该是正确的
也可以用这条命令
curl -d '{"auth": {"tenantName": "openstack", "passwordCredentials":{"username": "admin", "password": "Hjkl1234"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2258    0  2152  100   106  13731    676 --:--:-- --:--:-- --:--:-- 14251
{
    "access": {
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162", 
                        "internalURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162", 
                        "publicURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162", 
                        "region": "RegionOne"
                    }
                ], 
                "endpoints_links": [], 
                "name": "nova", 
                "type": "compute"
            }, 
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.193.17.102:9292/v1", 
                        "internalURL": "http://10.193.17.102:9292/v1", 
                        "publicURL": "http://10.193.17.102:9292/v1", 
                        "region": "RegionOne"
                    }
                ], 
                "endpoints_links": [], 
                "name": "glance", 
                "type": "p_w_picpath"
            }, 
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162", 
                        "internalURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162", 
                        "publicURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162", 
                        "region": "RegionOne"
                    }
                ], 
                "endpoints_links": [], 
                "name": "volume", 
                "type": "volume"
            }, 
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.193.17.102:8773/services/Admin", 
                        "internalURL": "http://10.193.17.102:8773/services/Cloud", 
                        "publicURL": "http://10.193.17.102:8773/services/Cloud", 
                        "region": "RegionOne"
                    }
                ], 
                "endpoints_links": [], 
                "name": "ec2", 
                "type": "ec2"
            }, 
            {
                "endpoints": [
                    {
                        "adminURL": "http://127.0.0.1:8080/", 
                        "internalURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162", 
                        "publicURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162", 
                        "region": "RegionOne"
                    }
                ], 
                "endpoints_links": [], 
                "name": "swift", 
                "type": "object-store"
            }, 
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.193.17.102:35357/v2.0", 
                        "internalURL": "http://10.193.17.102:5000/v2.0", 
                        "publicURL": "http://10.193.17.102:5000/v2.0", 
                        "region": "RegionOne"
                    }
                ], 
                "endpoints_links": [], 
                "name": "keystone", 
                "type": "identity"
            }
        ], 
        "token": {
            "expires": "2012-05-05T05:42:50Z", 
            "id": "07b85322e0904098a4e2bdbc257a998c", 
            "tenant": {
                "description": "Default Tenant", 
                "enabled": true, 
                "id": "6444a344abd14a32aaf3f9ba156ec162", 
                "name": "openstack"
            }
        }, 
        "user": {
            "id": "214b9c6c9105410292c98402413e6afa", 
            "name": "admin", 
            "roles": [
                {
                    "id": "7714dad3d4e14c0c838c1b970572cc15", 
                    "name": "admin"
                }
            ], 
            "roles_links": [], 
            "username": "admin"
        }
    }
}
 
 
4 安装glance服务
apt-get install glance
 
rm /var/lib/glance/glance.sqlite 
删除此文件去掉sqlite模式,用mysql模式
 
创建数据库
mysql -u root -p
Enter password: 
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';             
GRANT ALL ON glance.* TO 'glance'@'essex-controller' IDENTIFIED BY 'glance';       
flush privileges;
quit
 
修改glance相关配置文件
vi /etc/glance/glance-api-paste.ini
[pipeline:glance-api]
pipeline = versionnegotiation authtoken auth-context apiv1app
 
admin_tenant_name = service
admin_user = glance
admin_password = glance
 
vi /etc/glance/glance-api.conf
在最后添加
[paste_deploy]
flavor = keystone
 
重启服务:service glance-api restart
 
vi /etc/glance/glance-registry.conf
sql_connection = mysql://glance:[email protected]/glance
在最后添加
[paste_deploy]
flavor = keystone 
 
vi /etc/glance/glance-registry-paste.ini
[pipeline:glance-registry]
#pipeline = context registryapp
# NOTE: use the following pipeline for keystone
pipeline = authtoken auth-context context registryapp
 
[filter:authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = glance
 
 
 
重启服务:service glance-registry restart 
          service glance-api restart
 
#On Ubuntu 12.04, the database tables are under version control and you must do these steps on a new install to prevent the Image service from breaking possible upgrades.
 
glance-manage version_control 0
glance-manage db_sync
 
验证glance服务:
glance --version
glance 2012.1
 
先加上变量环境
vi openrc
export OS_USERNAME=admin
export OS_TENANT_NAME=openstack
export OS_PASSWORD=Hjkl1234
export OS_AUTH_URL=http://10.193.17.102:5000/v2.0/
export OS_REGION_NAME=RegionOne
 
source openrc
 
glance add name="CentOS 5.5 x86_64" is_public=true container_format=ovf disk_format=raw < /tmp/centos.img  
Uploading p_w_picpath 'CentOS 5.5 x86_64'
================================================================================================[100%] 77.2M/s, ETA  0h  0m  0s
Added new p_w_picpath with ID: 338f52f9-98e1-4bc8-bd7f-a8226c82d0ca
glance index
ID                                   Name                           Disk Format          Container Format     Size          
------------------------------------ ------------------------------ -------------------- -------------------- --------------
ae96fc6c-2ae1-48ff-a9c4-8a449a15e9e6 CentOS 5.5 x86_64              raw                  ovf                     10737418240
即表示成功
 
5 网络
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
        address 10.193.17.102
        netmask 255.255.248.0
        network 10.193.16.0
        broadcast 10.193.23.255
        gateway 10.193.16.1
 
auto eth1
iface eth1 inet static
        address 10.193.113.102
        netmask 255.255.248.0
 
auto br300 
iface br300 inet static 
address 10.0.0.1 
netmask 255.255.255.0 
bridge_stp off
bridge_fd 0
 
apt-get install bridge-utils
brctl addbr br300
/etc/init.d/networking restart
 
配置nova数据库
mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL ON nova.* TO 'nova'@'essex-controller' IDENTIFIED BY 'nova';
GRANT ALL ON nova.* TO 'nova'@'essex-compute01' IDENTIFIED BY 'nova';
flush privileges;
 
6 安装Cloud Controller (RabbitMQ)
apt-get install rabbitmq-server
 
更改 RABBITMQ 消息队列服务 guest 用户默认密码为 openstack
rabbitmqctl change_password guest openstack
 
安装nova的包
apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-network 
apt-get install python-novnc novnc 
 
一下应用于其他用户启动openstack
groupadd nova
usermod -g nova nova
chown -R root:nova /etc/nova
chmod 640 /etc/nova/nova.conf
 
nova.conf配置
 
# LOGS/STATE
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose=True
 
# AUTHENTICATION
--auth_strategy=keystone
--keystone_ec2_url=http://10.193.17.102:5000/v2.0/ec2tokens
 
# SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
 
# VOLUMES
--volume_group=nova-volumes
--volume_name_template=volume-%08x
--iscsi_helper=tgtadm
--root_helper=sudo nova-rootwrap
 
# DATABASE
--sql_connection=mysql://nova:[email protected]/nova
 
# COMPUTE
--libvirt_type=kvm
--connection_type=libvirt
#instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--allow_resize_to_same_host=True
 
# APIS
#--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--ec2_host=10.193.17.102
--s3_host=10.193.17.102
 
# RABBITMQ
--rabbit_host=10.193.17.102
--rabbit_password=openstack
 
# GLANCE
--p_w_picpath_service=nova.p_w_picpath.glance.GlanceImageService
--glance_api_servers=10.193.17.102:9292
 
# NETWORK
--dhcpbridge=/usr/bin/nova-dhcpbridge
--dhcpbridge_flagfile=/etc/nova/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--force_dhcp_release=True
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
--my_ip=10.193.17.102
--public_interface=eth0
--routing_source_ip=10.193.17.102
#vlan_interface=eth0
--flat_network_bridge=br300
--flat_interface=eth1
--fixed_range=10.0.0.0/24
--floating_range=10.193.17.150/27
--libvirt_use_virtio_for_bridges
 
# NOVNC CONSOLE
--vnc_enabled=True
--novncproxy_base_url=http://10.193.17.102:6080/vnc_auto.html
--vncserver_proxyclient_address=10.193.17.102
--vncserver_listen=10.193.17.102
 
 
 
 
修改/etc/nova/api-paste.ini 文件
admin_tenant_name = service
admin_user = nova
admin_password = nova
 
 
 
 
 
重启命令(可以把它写成一个脚本)
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler novnc nova-volume nova-consoleauth; do service "$a" restart; done
/etc/init.d/rabbitmq-server restart
 
nova-manage db sync
 
 
建立好内网和floating_ip
nova-manage network create private --fixed_range_v4=10.0.0.0/24 --num_networks=1 --bridge=br300 --bridge_interface=eth1 --network_size=250
nova-manage floating create --ip_range=10.193.113.150/27
重启服务
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler novnc nova-volume nova-consoleauth; do service "$a" restart; done
/etc/init.d/rabbitmq-server restart
 
 
7 安装DASHBOARD
apt-get install -y memcached libapache2-mod-wsgi openstack-dashboard
 
编辑/etc/openstack-dashboard/local_settings.py 
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
这个参数与/etc/memcached.conf内的参数要对应
 
mysql -u root -p
create database dash;
GRANT ALL ON dash.* TO 'dash'@'%' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'essex-controller' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'essex-compute01' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'localhost' IDENTIFIED BY 'dash'; 
flush privileges;
 
在/etc/openstack-dashboard/local_settings.py 增加一段
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'dash',
        'USER': 'dash',
        'PASSWORD': 'dash',
        'HOST': 'localhost',
        'default-character-set': 'utf8'
    },
}
 
附加功能,如果要开启swift(存储)和quantum(网络)两个模块的话要在/etc/openstack-dashboard/local_settings.py加上
SWIFT_ENABLED = True
QUANTUM_ENABLED = True(推荐False,这个是F版本的核心项目)
 
同步数据库
/usr/share/openstack-dashboard/manage.py syncdb 
输出:
Installing custom SQL ...
Installing indexes ...
DEBUG:django.db.backends:(0.008) CREATE INDEX `django_session_c25c2c28` ON `django_session` (`expire_date`);; args=()
No fixtures found.
If you want to avoid a warning when restarting apache2, create a blackhole directory in the dashboard directory like so:
 
mkdir -p /var/lib/dash/.blackhole
restart nova-api
 
打开ICMP协议和22端口
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
 
 
故障,如果nova-volume.log里出现Error: volume group nova-volumes doesn't exist 
解决办法,自己建立一个名字叫nova-volumes 的lvm组
 
 
Appendix A:  使用nova-volume 
 
Essex Dashboard可以管理nova-volume。有两种办法来实现
 
默认nova是直接使用vg名字为nova-volume的卷。这个是可以在nova.conf 定义,你是可以修改的。
 
 
 
1:如果系统上没有多余的分区做 LVM 的话可以用一个文件来充当硬盘,
 
新建一个文件来做 LVM:
 
DD一个设备
 
# dd if=/dev/zero of=/opt/nova-volumes.img bs=1M seek=100000 count=0
 
加载一个设备
 
# losetup -f nova-volumes.img
 
查看加载情况
# losetup -a
/dev/loop0: [0801]:35127298 (/opt/nova-volumes.img)
 
创建一个nova-volume的卷
 
# vgcreate nova-volumes /dev/loop0
  No physical volume label read from /dev/loop0
  Physical volume "/dev/loop0" successfully created
  Volume group "nova-volumes" successfully created
 
查看卷
 
#vgdisplay
 
就可以看到创建好的nova-volume。
 
创建一个5G的卷,名字为volume1
 
nova volume-create --display_name "volume1" 5
 
创建完后,可以
 
nova volume-list
 
 
 
创建的过程非常慢,看status完成后,才能attach。
 
如果希望删除创建的volume,目前我知道的就只能通过
 
euca-describe-volumes
euca-delete-volume vol-00000001
 
 
 
把卷添加给虚拟机,1,表示ID号
 
nova volume-attach superfrobnicator 1 /dev/vdb
 
 
 
2:单独一块盘
 
# pvcreate /dev/sdb1
 
# pvdisplay
 
#vgcreate nova-volumes /dev/sdb1
 
# vgdisplay
 
这个时候,就把sdb变成了一个nova-volume。这个时候,在dashboard里,就可以直接管理,使用。
 
 
 
 
 
附加计算节点添加
 
1 系统要求
ubuntu 12.04
apt-get update && apt-get upgrade -y 
并改好/etc/hosts
10.193.17.102   essex-controller
10.193.17.101   essex-compute01
 
网卡配置
auto eth0
iface eth0 inet static
        address 10.193.17.101
        netmask 255.255.248.0
        network 10.193.16.0
        broadcast 10.193.23.255
        gateway 10.193.16.1
 
 
auto eth1
iface eth1 inet static
        address 10.193.113.101
        netmask 255.255.248.0
 
auto br300 
iface br300 inet static 
address 0.0.0.0
netmask 255.255.255.0
bridge_stp off
bridge_fd 0
 
2  apt-get install -y ntp
ntpdate 与controller同步一下时间
 
 
apt-get install bridge-utils
brctl addbr br300
/etc/init.d/networking restart
echo '30 8 * * * root /usr/sbin/ntpdate 10.193.17.102 '>>/etc/crontab
 
3安装节点
apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-network 
apt-get install python-novnc novnc 
nova.conf配置文件内容
 
# LOGS/STATE
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose=True
 
# AUTHENTICATION
--auth_strategy=keystone
--keystone_ec2_url=http://10.193.17.102:5000/v2.0/ec2tokens
 
# SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
 
# VOLUMES
--volume_group=nova-volumes
--volume_name_template=volume-%08x
--iscsi_helper=tgtadm
--root_helper=sudo nova-rootwrap
 
# DATABASE
--sql_connection=mysql://nova:[email protected]/nova
 
# COMPUTE
--libvirt_type=kvm
--connection_type=libvirt
#instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--allow_resize_to_same_host=True
 
# APIS
#--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--ec2_host=10.193.17.102
--s3_host=10.193.17.102
 
# RABBITMQ
--rabbit_host=10.193.17.102
--rabbit_password=openstack
 
# GLANCE
--p_w_picpath_service=nova.p_w_picpath.glance.GlanceImageService
--glance_api_servers=10.193.17.102:9292
 
# NETWORK
--dhcpbridge=/usr/bin/nova-dhcpbridge
--dhcpbridge_flagfile=/etc/nova/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--force_dhcp_release=True
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
--my_ip=10.193.17.101
--public_interface=eth0
--routing_source_ip=10.193.17.102
#vlan_interface=eth0
--flat_network_bridge=br300
--flat_interface=eth1
--fixed_range=10.0.0.0/24
--floating_range=10.193.17.150/27
--libvirt_use_virtio_for_bridges=True
 
# NOVNC CONSOLE
#--vnc_enabled=True
--novncproxy_base_url=http://10.193.17.102:6080/vnc_auto.html
--vncserver_proxyclient_address=10.193.17.101
--vncserver_listen=10.193.17.101
 
之后重启controller上的rabbitmq-server就可以了
 
修改quota(以下以修改floating_ip为例)
nova-manage project quota --project=6444a344abd14a32aaf3f9ba156ec162 --key=floating_ips --value=128
 
查询命令
nova-manage project quota --project=6444a344abd14a32aaf3f9ba156ec162 就能看到相应数据
 
 
参考文档  http://docs.openstack.org/trunk/openstack-compute/install/content/ch_installing-openstack-overview.html
http://wenku.baidu.com/view/004f661d6bd97f192279e948.html?from=related&hasrec=1
http://hi.baidu.com/chenshake/blog/item/4551cc5812a1b39e810a1876.html?timeStamp=1332899338413