Network environment
Server name       IP address      Services
essex-controller  10.193.17.102   keystone,glance,nova,ec2,rabbitmq,dashboard
essex-compute01   10.193.17.101   nova
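This article records some experience I gained while setting up the environment. It has been verified; VNC still has problems, but that does not really affect the result. The next direction to investigate is the new network module, quantum.
1 System requirements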
ubuntu 12.04
apt-get update && apt-get upgrade -y
and set up /etc/hosts:
10.193.17.102 essex-controller
10.193.17.101 essex-compute01
2 Install ntp
apt-get install -y ntp
3 Install keystone and mysql
apt-get install keystone
rm /var/lib/keystone/keystone.db
apt-get install python-mysqldb mysql-server
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Hjkl1234';
GRANT ALL ON keystone.* TO 'keystone'@'essex-controller' IDENTIFIED BY 'Hjkl1234';
flush privileges;
Edit the following two lines in /etc/keystone/keystone.conf, commenting out the originals
admin_token = Hjkl1234
connection = mysql://keystone:[email protected]/keystone
service keystone restart
keystone-manage db_sync
Create a tenant with keystone
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 tenant-create --name openstack --description "Default Tenant" --enabled true
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Default Tenant |
| enabled | True |
| id | 6444a344abd14a32aaf3f9ba156ec162 |
| name | openstack |
+-------------+----------------------------------+
Create a user under the tenant
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 6444a344abd14a32aaf3f9ba156ec162 --name admin --pass Hjkl1234 --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 214b9c6c9105410292c98402413e6afa |
| name | admin |
| password | $6$rounds=40000$q3zWcK84rdE3Hvjt$GHeNO9ju27a5Pj5L9ArM0MaoVjVuGVdztDJ8JiCRH9EW61T2Dn2KbPe083Y2a7VCmoNYuPpOHAmrM9WFDu0yW1 |
| tenantId | 6444a344abd14a32aaf3f9ba156ec162 |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Create the roles for users (two roles are created here, admin and memberRole)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 role-create --name admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 7714dad3d4e14c0c838c1b970572cc15 |
| name | admin |
+----------+----------------------------------+
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 role-create --name memberRole
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | d0670b34e2084649904e7cfd70508ae4 |
| name | memberRole |
+----------+----------------------------------+
Grant the admin role to the admin user in the openstack tenant (this command should produce no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 214b9c6c9105410292c98402413e6afa --tenant_id 6444a344abd14a32aaf3f9ba156ec162 --role 7714dad3d4e14c0c838c1b970572cc15
Next, add the services
1. Create a service tenant; this tenant contains all the services
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 tenant-create --name service --description "Service Tenant" --enabled true
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 734a587e7c4e48a0ab4c28fb9c47682f |
| name | service |
+-------------+----------------------------------+
2. Create the glance service
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name glance --pass glance --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 40500ca6834740519b70dc0eeae2b364 |
| name | glance |
| password | $6$rounds=40000$/Yepnc3hY7Cn.TmA$OlJegXoxUHyRn9aHDyFOCnD9CcTUS6QSTRwDQ3I9XZ937T7.1vjGwMg4ydt3S7e/2d8nayJek/j9ot/kACUsI/ |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the glance user in the service tenant (this command should produce no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 40500ca6834740519b70dc0eeae2b364 --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
3. Create the nova service
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name nova --pass nova --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 15632b7a83f64ac7b51d23d1e5bbff63 |
| name | nova |
| password | $6$rounds=40000$VQBd7WcHjy68cYqS$Jxyq6GrQAOJdD2Tfn7ImXg13ZZ.YmMsDLITqf6/fK2Zyv75womwo75.YFRdhcR6xdVd7WdQY1HaPJFqz9WjzI0 |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the nova user in the service tenant (this command should produce no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 15632b7a83f64ac7b51d23d1e5bbff63 --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
4. Create the EC2 service
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name ec2 --pass ec2 --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 48eebb4b138b4a60a75113c5ff4fad9a |
| name | ec2 |
| password | $6$rounds=40000$kmgkePa4iIfYk/tX$SA1sLHlorxRs2N36RqJYpFW5NyOfQmN09NFymDwloXZEZo0eAiQxzbVOvcrVbjln5/fP8PUh4v2QkXgPlUnxp/ |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the ec2 user in the service tenant (this command should produce no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 48eebb4b138b4a60a75113c5ff4fad9a --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
5. Create the swift service (my environment has no storage, so I do not use it)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name swift --pass swift --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | b76183b5e8bf4303a33e8995418f870c |
| name | swift |
| password | $6$rounds=40000$ePVnxZYqUhrVPZFX$b7tVj2ZQwE6K5wBdfoEKk9uIAWEYWA79FMSLj2yO1s0veU2Zf2g9v7zlp9mdbGLkrEhuYQnfPfMV17RT2d76A1 |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the swift user in the service tenant (this command should produce no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user b76183b5e8bf4303a33e8995418f870c --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
Create the keystone services and endpoints
1. Define the identity service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=keystone \
--type=identity \
--description="Keystone Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keystone Identity Service |
| id | e1db6408b82748a9ab191f6357776651 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=e1db6408b82748a9ab191f6357776651 \
--publicurl=http://10.193.17.102:5000/v2.0 \
--internalurl=http://10.193.17.102:5000/v2.0 \
--adminurl=http://10.193.17.102:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://10.193.17.102:35357/v2.0 |
| id | 5bae7d5e9df44a9b8737e1940e8303d1 |
| internalurl | http://10.193.17.102:5000/v2.0 |
| publicurl | http://10.193.17.102:5000/v2.0 |
| region | RegionOne |
| service_id | e1db6408b82748a9ab191f6357776651 |
+-------------+----------------------------------+
2. Define the compute service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=nova \
--type=compute \
--description="Nova Compute Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Nova Compute Service |
| id | a0d5524cb6f042f4ad4c899a11895125 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=a0d5524cb6f042f4ad4c899a11895125 \
--publicurl='http://10.193.17.102:8774/v2/%(tenant_id)s' \
--internalurl='http://10.193.17.102:8774/v2/%(tenant_id)s' \
--adminurl='http://10.193.17.102:8774/v2/%(tenant_id)s'
+-------------+--------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------+
| adminurl | http://10.193.17.102:8774/v2/%(tenant_id)s |
| id | 7ef213eab7094223a56c9a65fb12b76a |
| internalurl | http://10.193.17.102:8774/v2/%(tenant_id)s |
| publicurl | http://10.193.17.102:8774/v2/%(tenant_id)s |
| region | RegionOne |
| service_id | a0d5524cb6f042f4ad4c899a11895125 |
+-------------+--------------------------------------------+
3. Define the Volume service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=volume \
--type=volume \
--description="Nova Volume Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Nova Volume Service |
| id | e081ff3318fb423cb9590204f3d9737a |
| name | volume |
| type | volume |
+-------------+----------------------------------+
TENANT=734a587e7c4e48a0ab4c28fb9c47682f
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=e081ff3318fb423cb9590204f3d9737a \
--publicurl='http://10.193.17.102:8776/v1/%(tenant_id)s' \
--internalurl='http://10.193.17.102:8776/v1/%(tenant_id)s' \
--adminurl='http://10.193.17.102:8776/v1/%(tenant_id)s'
+-------------+--------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------+
| adminurl | http://10.193.17.102:8776/v1/%(tenant_id)s |
| id | 059b03b6c36d46919f08d6f86c9c820c |
| internalurl | http://10.193.17.102:8776/v1/%(tenant_id)s |
| publicurl | http://10.193.17.102:8776/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | e081ff3318fb423cb9590204f3d9737a |
+-------------+--------------------------------------------+
4. Define the Image service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=glance \
--type=image \
--description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | a00c651854dc4bf39471f905e90e0648 |
| name | glance |
| type | image |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=a00c651854dc4bf39471f905e90e0648 \
--publicurl=http://10.193.17.102:9292/v1 \
--internalurl=http://10.193.17.102:9292/v1 \
--adminurl=http://10.193.17.102:9292/v1
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://10.193.17.102:9292/v1 |
| id | 8484aa912b5d46fe81a359c7abef9b12 |
| internalurl | http://10.193.17.102:9292/v1 |
| publicurl | http://10.193.17.102:9292/v1 |
| region | RegionOne |
| service_id | a00c651854dc4bf39471f905e90e0648 |
+-------------+----------------------------------+
5. Define the EC2 service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | EC2 Compatibility Layer |
| id | 2bf39cecd53749aab495dc188cac81bf |
| name | ec2 |
| type | ec2 |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=2bf39cecd53749aab495dc188cac81bf \
--publicurl=http://10.193.17.102:8773/services/Cloud \
--internalurl=http://10.193.17.102:8773/services/Cloud \
--adminurl=http://10.193.17.102:8773/services/Admin
+-------------+------------------------------------------+
| Property | Value |
+-------------+------------------------------------------+
| adminurl | http://10.193.17.102:8773/services/Admin |
| id | 26ffe3549d504af3bbd8cba090659402 |
| internalurl | http://10.193.17.102:8773/services/Cloud |
| publicurl | http://10.193.17.102:8773/services/Cloud |
| region | RegionOne |
| service_id | 2bf39cecd53749aab495dc188cac81bf |
+-------------+------------------------------------------+
6. Define the swift service (there is no environment for it here, so this is not required)
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=swift \
--type=object-store \
--description="Object Storage Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Object Storage Service |
| id | 42a7e3d582a84fffbbcb833eb756baa1 |
| name | swift |
| type | object-store |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=42a7e3d582a84fffbbcb833eb756baa1 \
--publicurl='http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s' \
--adminurl='http://127.0.0.1:8080/' \
--internalurl='http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s'
+-------------+---------------------------------------------+
| Property | Value |
+-------------+---------------------------------------------+
| adminurl | http://127.0.0.1:8080/ |
| id | 51445ceebe7c4bdba1ed31036c4112b1 |
| internalurl | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| publicurl | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| region | RegionOne |
| service_id | 42a7e3d582a84fffbbcb833eb756baa1 |
+-------------+---------------------------------------------+
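The ID-copying steps above (user-create followed by user-role-add, and service-create followed by endpoint-create) can be scripted so that each ID is read from the CLI's table output instead of being pasted by hand. This is an added example, not part of the original post: the helper names table_get, is_keystone_id, create_service_user and register_service are hypothetical, the sample table is constructed, and it assumes the keystone client reads SERVICE_TOKEN and SERVICE_ENDPOINT from the environment, which keeps the admin token out of each command line.

```shell
#!/bin/sh
# Added example: chain keystone CLI calls by parsing the "| Property | Value |"
# table each command prints. All function names here are hypothetical helpers.
#
# Assumed environment (replaces --token/--endpoint on every command line):
#   export SERVICE_TOKEN=<admin_token from keystone.conf>
#   export SERVICE_ENDPOINT=http://10.193.17.102:35357/v2.0

# Constructed sample of the table format, used only for the demonstration below.
SAMPLE_TABLE='+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Example Tenant                   |
| enabled     | True                             |
| id          | 0123456789abcdef0123456789abcdef |
| name        | example                          |
+-------------+----------------------------------+'

# table_get FIELD: read a keystone table on stdin and print FIELD's value.
# Exits non-zero when the field is absent, for example when the command
# printed an error message instead of a table.
table_get() {
    awk -F'|' -v want="$1" '
        NF >= 4 {
            key = $2; val = $3
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) exit 1 }
    '
}

# is_keystone_id VALUE: true only for the 32-character lowercase hex IDs
# shown in the tables, so a garbled value never reaches the next command.
is_keystone_id() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# create_service_user NAME PASSWORD TENANT_ID ROLE_ID
# Creates the user, grants it the role in the tenant, prints the new user ID.
create_service_user() {
    user_id=$(keystone user-create --tenant_id "$3" --name "$1" \
                  --pass "$2" --enabled true | table_get id) || return 1
    is_keystone_id "$user_id" || { echo "bad user id: $user_id" >&2; return 1; }
    keystone user-role-add --user "$user_id" --tenant_id "$3" --role "$4" \
        || return 1
    printf '%s\n' "$user_id"
}

# register_service NAME TYPE DESCRIPTION PUBLICURL INTERNALURL ADMINURL
# Creates the service, then its endpoint in RegionOne; prints the endpoint ID.
register_service() {
    service_id=$(keystone service-create --name="$1" --type="$2" \
                     --description="$3" | table_get id) || return 1
    is_keystone_id "$service_id" || { echo "bad service id: $service_id" >&2; return 1; }
    keystone endpoint-create --region RegionOne --service_id="$service_id" \
        --publicurl="$4" --internalurl="$5" --adminurl="$6" | table_get id
}

# Demonstration on the constructed table; no keystone call is made here.
printf '%s\n' "$SAMPLE_TABLE" | table_get id
```

With the environment variables set, `create_service_user glance "$GLANCE_PASS" "$SERVICE_TENANT_ID" "$ADMIN_ROLE_ID"` replaces one user-create/user-role-add pair; the three variable names in that call are placeholders for values obtained earlier.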
Verify the keystone service
sudo apt-get install curl openssl
Command format: curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
The command used here is
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "admin", "password": "Hjkl1234"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
Output
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 352 0 244 100 108 1920 850 --:--:-- --:--:-- --:--:-- 2000
{
"access": {
"serviceCatalog": {},
"token": {
"expires": "2012-05-05T05:39:12Z",
"id": "56aa4c0660274d7eb496b3de7c0eaa7d"
},
"user": {
"id": "214b9c6c9105410292c98402413e6afa",
"name": "admin",
"roles": [],
"roles_links": [],
"username": "admin"
}
}
}
This should be correct
You can also use this command
curl -d '{"auth": {"tenantName": "openstack", "passwordCredentials":{"username": "admin", "password": "Hjkl1234"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2258 0 2152 100 106 13731 676 --:--:-- --:--:-- --:--:-- 14251
{
"access": {
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
"internalURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
"publicURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "nova",
"type": "compute"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:9292/v1",
"internalURL": "http://10.193.17.102:9292/v1",
"publicURL": "http://10.193.17.102:9292/v1",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "glance",
"type": "image"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162",
"internalURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162",
"publicURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "volume",
"type": "volume"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:8773/services/Admin",
"internalURL": "http://10.193.17.102:8773/services/Cloud",
"publicURL": "http://10.193.17.102:8773/services/Cloud",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "ec2",
"type": "ec2"
},
{
"endpoints": [
{
"adminURL": "http://127.0.0.1:8080/",
"internalURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162",
"publicURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "swift",
"type": "object-store"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:35357/v2.0",
"internalURL": "http://10.193.17.102:5000/v2.0",
"publicURL": "http://10.193.17.102:5000/v2.0",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "keystone",
"type": "identity"
}
],
"token": {
"expires": "2012-05-05T05:42:50Z",
"id": "07b85322e0904098a4e2bdbc257a998c",
"tenant": {
"description": "Default Tenant",
"enabled": true,
"id": "6444a344abd14a32aaf3f9ba156ec162",
"name": "openstack"
}
},
"user": {
"id": "214b9c6c9105410292c98402413e6afa",
"name": "admin",
"roles": [
{
"id": "7714dad3d4e14c0c838c1b970572cc15",
"name": "admin"
}
],
"roles_links": [],
"username": "admin"
}
}
}
4 Install the glance service
apt-get install glance
rm /var/lib/glance/glance.sqlite
Deleting this file disables sqlite mode so that mysql is used
Create the database
mysql -u root -p
Enter password:
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
GRANT ALL ON glance.* TO 'glance'@'essex-controller' IDENTIFIED BY 'glance';
flush privileges;
quit
Edit the glance configuration files
vi /etc/glance/glance-api-paste.ini
[pipeline:glance-api]
pipeline = versionnegotiation authtoken auth-context apiv1app
[filter:authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = glance
vi /etc/glance/glance-api.conf
Append at the end
[paste_deploy]
flavor = keystone
Restart the service: service glance-api restart
vi /etc/glance/glance-registry.conf
sql_connection = mysql://glance:[email protected]/glance
Append at the end
[paste_deploy]
flavor = keystone
vi /etc/glance/glance-registry-paste.ini
[pipeline:glance-registry]
#pipeline = context registryapp
# NOTE: use the following pipeline for keystone
pipeline = authtoken auth-context context registryapp
[filter:authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = glance
Restart the services: service glance-registry restart
service glance-api restart
#On Ubuntu 12.04, the database tables are under version control and you must do these steps on a new install to prevent the Image service from breaking possible upgrades.
glance-manage version_control 0
glance-manage db_sync
Verify the glance service:
glance --version
glance 2012.1
First set up the environment variables
vi openrc
export OS_USERNAME=admin
export OS_TENANT_NAME=openstack
export OS_PASSWORD=Hjkl1234
export OS_AUTH_URL=http://10.193.17.102:5000/v2.0/
export OS_REGION_NAME=RegionOne
source openrc
glance add name="CentOS 5.5 x86_64" is_public=true container_format=ovf disk_format=raw < /tmp/centos.img
Uploading image 'CentOS 5.5 x86_64'
================================================================================================[100%] 77.2M/s, ETA 0h 0m 0s
Added new image with ID: 338f52f9-98e1-4bc8-bd7f-a8226c82d0ca
glance index
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
ae96fc6c-2ae1-48ff-a9c4-8a449a15e9e6 CentOS 5.5 x86_64 raw ovf 10737418240
This indicates success
5 Networking
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 10.193.17.102
netmask 255.255.248.0
network 10.193.16.0
broadcast 10.193.23.255
gateway 10.193.16.1
auto eth1
iface eth1 inet static
address 10.193.113.102
netmask 255.255.248.0
auto br300
iface br300 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_stp off
bridge_fd 0
apt-get install bridge-utils
brctl addbr br300
/etc/init.d/networking restart
Configure the nova database
mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL ON nova.* TO 'nova'@'essex-controller' IDENTIFIED BY 'nova';
GRANT ALL ON nova.* TO 'nova'@'essex-compute01' IDENTIFIED BY 'nova';
flush privileges;
6 Install the Cloud Controller (RabbitMQ)
apt-get install rabbitmq-server
Change the default password of the RabbitMQ message queue service's guest user to openstack
rabbitmqctl change_password guest openstack
Install the nova packages
apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-network
apt-get install python-novnc novnc
The following applies when starting openstack as another user
groupadd nova
usermod -g nova nova
chown -R root:nova /etc/nova
chmod 640 /etc/nova/nova.conf
nova.conf configuration
# LOGS/STATE
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose=True
# AUTHENTICATION
--auth_strategy=keystone
--keystone_ec2_url=http://10.193.17.102:5000/v2.0/ec2tokens
# SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
# VOLUMES
--volume_group=nova-volumes
--volume_name_template=volume-%08x
--iscsi_helper=tgtadm
--root_helper=sudo nova-rootwrap
# DATABASE
--sql_connection=mysql://nova:[email protected]/nova
# COMPUTE
--libvirt_type=kvm
--connection_type=libvirt
#instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--allow_resize_to_same_host=True
# APIS
#--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--ec2_host=10.193.17.102
--s3_host=10.193.17.102
# RABBITMQ
--rabbit_host=10.193.17.102
--rabbit_password=openstack
# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=10.193.17.102:9292
# NETWORK
--dhcpbridge=/usr/bin/nova-dhcpbridge
--dhcpbridge_flagfile=/etc/nova/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--force_dhcp_release=True
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
--my_ip=10.193.17.102
--public_interface=eth0
--routing_source_ip=10.193.17.102
#vlan_interface=eth0
--flat_network_bridge=br300
--flat_interface=eth1
--fixed_range=10.0.0.0/24
--floating_range=10.193.17.150/27
--libvirt_use_virtio_for_bridges
# NOVNC CONSOLE
--vnc_enabled=True
--novncproxy_base_url=http://10.193.17.102:6080/vnc_auto.html
--vncserver_proxyclient_address=10.193.17.102
--vncserver_listen=10.193.17.102
Edit the /etc/nova/api-paste.ini file
admin_tenant_name = service
admin_user = nova
admin_password = nova
Restart commands (these can be put in a script)
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler novnc nova-volume nova-consoleauth; do service "$a" restart; done
/etc/init.d/rabbitmq-server restart
nova-manage db sync
Create the internal network and the floating IPs
nova-manage network create private --fixed_range_v4=10.0.0.0/24 --num_networks=1 --bridge=br300 --bridge_interface=eth1 --network_size=250
nova-manage floating create --ip_range=10.193.113.150/27
Restart the services
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler novnc nova-volume nova-consoleauth; do service "$a" restart; done
/etc/init.d/rabbitmq-server restart
7 Install the DASHBOARD
apt-get install -y memcached libapache2-mod-wsgi openstack-dashboard
Edit /etc/openstack-dashboard/local_settings.py
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
This setting must match the settings in /etc/memcached.conf
mysql -u root -p
create database dash;
GRANT ALL ON dash.* TO 'dash'@'%' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'essex-controller' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'essex-compute01' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'localhost' IDENTIFIED BY 'dash';
flush privileges;
Add the following block to /etc/openstack-dashboard/local_settings.py
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'dash',
        'USER': 'dash',
        'PASSWORD': 'dash',
        'HOST': 'localhost',
        'default-character-set': 'utf8'
    },
}
Optional: to enable the swift (storage) and quantum (network) modules, add the following to /etc/openstack-dashboard/local_settings.py
SWIFT_ENABLED = True
QUANTUM_ENABLED = True  # False is recommended; this is a core project of the F release
Sync the database
/usr/share/openstack-dashboard/manage.py syncdb
Output:
Installing custom SQL ...
Installing indexes ...
DEBUG:django.db.backends:(0.008) CREATE INDEX `django_session_c25c2c28` ON `django_session` (`expire_date`);; args=()
No fixtures found.
If you want to avoid a warning when restarting apache2, create a blackhole directory in the dashboard directory like so:
mkdir -p /var/lib/dash/.blackhole
restart nova-api
Open the ICMP protocol and port 22
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
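Troubleshooting: if nova-volume.log shows Error: volume group nova-volumes doesn't exist
Fix: create an LVM volume group named nova-volumes yourself
Appendix A: Using nova-volume
The Essex Dashboard can manage nova-volume. There are two ways to set this up.
By default nova directly uses the volume group named nova-volumes. This is defined in nova.conf and can be changed.
1: If the system has no spare partition to use for LVM, a file can stand in for a disk.
Create a new file for LVM:
Create the backing file with dd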
# dd if=/dev/zero of=/opt/nova-volumes.img bs=1M seek=100000 count=0
Attach the file to a loop device
# losetup -f /opt/nova-volumes.img
Check the attached loop devices
# losetup -a
/dev/loop0: [0801]:35127298 (/opt/nova-volumes.img)
Create the nova-volumes volume group
# vgcreate nova-volumes /dev/loop0
No physical volume label read from /dev/loop0
Physical volume "/dev/loop0" successfully created
Volume group "nova-volumes" successfully created
View the volume group
# vgdisplay
You can now see the newly created nova-volumes group.
Create a 5 GB volume named volume1
nova volume-create --display_name "volume1" 5
After creating it, you can run
nova volume-list
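Creation is very slow; the volume can be attached only after its status shows that it is complete.
To delete a volume that has been created, the only way I currently know is through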
euca-describe-volumes
euca-delete-volume vol-00000001
Attach the volume to a virtual machine; 1 is the ID number
nova volume-attach superfrobnicator 1 /dev/vdb
2: A dedicated disk
# pvcreate /dev/sdb1
# pvdisplay
# vgcreate nova-volumes /dev/sdb1
# vgdisplay
At this point sdb has become a nova-volumes group, and it can be managed and used directly from the dashboard.
Adding an additional compute node
1 System requirements
ubuntu 12.04
apt-get update && apt-get upgrade -y
and set up /etc/hosts:
10.193.17.102 essex-controller
10.193.17.101 essex-compute01
Network interface configuration
auto eth0
iface eth0 inet static
address 10.193.17.101
netmask 255.255.248.0
network 10.193.16.0
broadcast 10.193.23.255
gateway 10.193.16.1
auto eth1
iface eth1 inet static
address 10.193.113.101
netmask 255.255.248.0
auto br300
iface br300 inet static
address 0.0.0.0
netmask 255.255.255.0
bridge_stp off
bridge_fd 0
2 Install ntp
apt-get install -y ntp
Use ntpdate to sync the time with the controller
apt-get install bridge-utils
brctl addbr br300
/etc/init.d/networking restart
echo '30 8 * * * root /usr/sbin/ntpdate 10.193.17.102 '>>/etc/crontab
3 Install the node
apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-network
apt-get install python-novnc novnc
Contents of the nova.conf configuration file
# LOGS/STATE
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose=True
# AUTHENTICATION
--auth_strategy=keystone
--keystone_ec2_url=http://10.193.17.102:5000/v2.0/ec2tokens
# SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
# VOLUMES
--volume_group=nova-volumes
--volume_name_template=volume-%08x
--iscsi_helper=tgtadm
--root_helper=sudo nova-rootwrap
# DATABASE
--sql_connection=mysql://nova:[email protected]/nova
# COMPUTE
--libvirt_type=kvm
--connection_type=libvirt
#instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--allow_resize_to_same_host=True
# APIS
#--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--ec2_host=10.193.17.102
--s3_host=10.193.17.102
# RABBITMQ
--rabbit_host=10.193.17.102
--rabbit_password=openstack
# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=10.193.17.102:9292
# NETWORK
--dhcpbridge=/usr/bin/nova-dhcpbridge
--dhcpbridge_flagfile=/etc/nova/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--force_dhcp_release=True
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
--my_ip=10.193.17.101
--public_interface=eth0
--routing_source_ip=10.193.17.102
#vlan_interface=eth0
--flat_network_bridge=br300
--flat_interface=eth1
--fixed_range=10.0.0.0/24
--floating_range=10.193.17.150/27
--libvirt_use_virtio_for_bridges=True
# NOVNC CONSOLE
#--vnc_enabled=True
--novncproxy_base_url=http://10.193.17.102:6080/vnc_auto.html
--vncserver_proxyclient_address=10.193.17.101
--vncserver_listen=10.193.17.101
After that, restarting rabbitmq-server on the controller is all that is needed
Modify quotas (the following uses floating_ip as the example)
nova-manage project quota --project=6444a344abd14a32aaf3f9ba156ec162 --key=floating_ips --value=128
Query command
nova-manage project quota --project=6444a344abd14a32aaf3f9ba156ec162
This shows the corresponding data.
References: http://docs.openstack.org/trunk/openstack-compute/install/content/ch_installing-openstack-overview.html
http://wenku.baidu.com/view/004f661d6bd97f192279e948.html?from=related&hasrec=1
http://hi.baidu.com/chenshake/blog/item/4551cc5812a1b39e810a1876.html?timeStamp=1332899338413