接下来开始进行控制节点的安装
1 修改网卡配置 /etc/network/interfaces
auto lo
iface lo inet loopback

auto br100
iface br100 inet static
    address 10.1.6.228
    netmask 255.255.255.0
    gateway 10.1.6.254
    dns-nameservers 10.1.1.2
    bridge_ports em1
    bridge_hello 2
    bridge_maxage 12
    bridge_fd 0
    bridge_stp off
2 安装网桥相关软件
apt-get -y install bridge-utils
3 重启网卡,使网桥配置生效
/etc/init.d/networking restart
4 安装ntp服务
apt-get -y install ntp
5 修改/etc/ntp.conf,在server ntp.ubuntu.com下添加如下内容
server 127.127.1.0
fudge 127.127.1.0 stratum 10
6 重启ntp服务,使配置生效
/etc/init.d/ntp restart
7 安装memcache和rabbitmq
apt-get install -y rabbitmq-server memcached python-memcache kvm libvirt-bin curl
8 安装iscsi相关软件,volume使用
apt-get -y install tgt
9 安装LVM
apt-get install lvm2
10 挑选一个分区,创建LVM卷,名称为nova-volumes
pvcreate /dev/sda5 vgcreate nova-volumes /dev/sda5
11 安装mysql,root密码设为my_password(my_password仅为示例值,正式环境请换成强密码,且不要与下面各服务账号共用)
apt-get install -y mysql-server python-mysqldb
12 修改mysql配置文件/etc/mysql/my.cnf,使其监听0.0.0.0(即所有网络接口)。这样3306端口会暴露在本机的每个网络上,建议用防火墙只放行需要访问数据库的节点。
bind-address = 0.0.0.0
13 重启mysql使配置生效
service mysql restart
14 创建openstack需要的相关库:nova、glance、keystone三个库。下面的授权语句中主机写的是'%',即允许从任意地址登录,而且三个账号共用同一个示例密码;正式环境应把'%'换成实际节点的地址,并为每个账号设置不同的密码。
CREATE DATABASE nova; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'my_password'; CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'my_password'; CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY 'my_password'; FLUSH PRIVILEGES;
15 安装keystone组件
apt-get install -y keystone python-keystone python-keystoneclient
16 修改/etc/keystone/keystone.conf配置文件如下(admin_token等同于keystone的最高管理凭据,my_cloud仅为示例值,应换成随机生成的长字符串)
[DEFAULT]
bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
admin_token = my_cloud

[sql]
# 原页面此处被邮件地址保护脚本替换成了"[email protected]",原始格式为 mysql://用户:密码@主机/库名
connection = mysql://keystone:<密码>@<数据库主机>/keystone
17 重启keystone服务
service keystone restart
18 初始化keystone数据库
keystone-manage db_sync
19 为了安装keystone方便,提前设置好环境变量(其中password、my_cloud均为示例值;SERVICE_TOKEN必须与keystone.conf中的admin_token一致)
export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=password export SERVICE_PASSWORD=password export FIXED_RANGE=10.1.6.0/24 export OS_AUTH_URL="http://10.1.6.228:5000/v2.0/" export SERVICE_ENDPOINT="http://10.1.6.228:35357/v2.0" export SERVICE_TOKEN=my_cloud export MASTER="10.1.6.228"
20 设置users and tenants and services,用脚本设置keystone.sh
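#!/bin/bash
#
# Initial data for Keystone using python-keystoneclient
#
# Tenant               User      Roles
# ------------------------------------------------------------------
# admin                admin     admin
# service              glance    admin
# service              nova      admin, [ResellerAdmin (swift only)]
# service              quantum   admin        # if enabled
# service              swift     admin        # if enabled
# demo                 admin     admin
# demo                 demo      Member, anotherrole
# invisible_to_admin   demo      Member
#
# NOTE: this copy only creates the admin and service tenants and their users;
# nothing below creates the demo / invisible_to_admin rows of the table.
#
# Variables set before calling this script:
# SERVICE_TOKEN - aka admin_token in keystone.conf
# SERVICE_ENDPOINT - local Keystone admin endpoint
# SERVICE_TENANT_NAME - name of tenant containing service accounts
# ENABLED_SERVICES - stack.sh's list of services to start
# DEVSTACK_DIR - Top-level DevStack directory
#
# Also read from the environment: OS_PASSWORD (fallback for ADMIN_PASSWORD)
# and SERVICE_PASSWORD (password given to every service account).
#
# Security notes:
# - Passwords reach the keystone client as --pass=... arguments, so they are
#   visible in the process list while each command runs. Run this on a host
#   without untrusted local users and rotate the passwords afterwards.
# - Every service user is granted the admin role in the service tenant, and
#   all of them share SERVICE_PASSWORD.

ADMIN_PASSWORD=${ADMIN_PASSWORD:-$OS_PASSWORD}
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
# Hard-coded here, so an ENABLED_SERVICES value from the environment is ignored.
ENABLED_SERVICES="swift"

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Refuse to create accounts with an empty password.
[[ -n "$ADMIN_PASSWORD" ]] || die "ADMIN_PASSWORD (or OS_PASSWORD) must be set"
[[ -n "$SERVICE_PASSWORD" ]] || die "SERVICE_PASSWORD must be set"

#######################################
# Run a keystone "*-create" command and print the id of the created object.
# Arguments: the full command line to run
# Outputs:   the value of the "id" row of the command's table output
# Returns:   non-zero when no id could be parsed from the output
#######################################
function get_id () {
  local id
  # "$@" keeps each argument intact even when a password contains spaces.
  id=$("$@" | awk '/ id / { print $4 }')
  if [[ -z "$id" ]]; then
    # Name only the sub-command: the full argument list contains --pass=...
    printf 'no id returned by: %s %s\n' "$1" "$2" >&2
    return 1
  fi
  printf '%s\n' "$id"
}

# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin) || exit 1
SERVICE_TENANT=$(get_id keystone tenant-create --name="$SERVICE_TENANT_NAME") || exit 1

# Users
# The --email values were obfuscated on the source page; the example.com
# addresses in this script are placeholders, replace them with real ones.
ADMIN_USER=$(get_id keystone user-create --name=admin \
  --pass="$ADMIN_PASSWORD" \
  --email=admin@example.com) || exit 1

# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin) || exit 1
MEMBER_ROLE=$(get_id keystone role-create --name=Member) || exit 1
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) || exit 1
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin) || exit 1

# Add Roles to Users in Tenants
keystone user-role-add --user-id "$ADMIN_USER" --role-id "$ADMIN_ROLE" --tenant_id "$ADMIN_TENANT"

# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova \
  --pass="$SERVICE_PASSWORD" \
  --tenant_id "$SERVICE_TENANT" \
  --email=nova@example.com) || exit 1
keystone user-role-add --tenant_id "$SERVICE_TENANT" \
  --user-id "$NOVA_USER" \
  --role-id "$ADMIN_ROLE"

GLANCE_USER=$(get_id keystone user-create --name=glance \
  --pass="$SERVICE_PASSWORD" \
  --tenant_id "$SERVICE_TENANT" \
  --email=glance@example.com) || exit 1
keystone user-role-add --tenant_id "$SERVICE_TENANT" \
  --user-id "$GLANCE_USER" \
  --role-id "$ADMIN_ROLE"

if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
  SWIFT_USER=$(get_id keystone user-create --name=swift \
    --pass="$SERVICE_PASSWORD" \
    --tenant_id "$SERVICE_TENANT" \
    --email=swift@example.com) || exit 1
  keystone user-role-add --tenant_id "$SERVICE_TENANT" \
    --user-id "$SWIFT_USER" \
    --role-id "$ADMIN_ROLE"
  # The nova service user additionally gets ResellerAdmin when swift is enabled.
  RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin) || exit 1
  keystone user-role-add --tenant_id "$SERVICE_TENANT" \
    --user-id "$NOVA_USER" \
    --role-id "$RESELLER_ROLE"
fi

if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
  QUANTUM_USER=$(get_id keystone user-create --name=quantum \
    --pass="$SERVICE_PASSWORD" \
    --tenant_id "$SERVICE_TENANT" \
    --email=quantum@example.com) || exit 1
  keystone user-role-add --tenant_id "$SERVICE_TENANT" \
    --user-id "$QUANTUM_USER" \
    --role-id "$ADMIN_ROLE"
fi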
21 设置endpoint服务,使用endpoint.sh脚本设置
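#!/bin/sh
# Author: Martin Gerhard Loschwitz
# (c) 2012 hastexo Professional Services GmbH
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# On Debian-based systems the full text of the Apache version 2.0
# license can be found in `/usr/share/common-licenses/Apache-2.0'.
#
# Registers the OpenStack services in Keystone, looks up each service id in
# the Keystone MySQL database and creates one endpoint per service.
#
# Security notes:
# - The defaults below (including MYSQL_PASSWORD) are the tutorial's sample
#   values; override them with the options or the environment on a real system.
# - Every endpoint is registered as plain http://, so API traffic is not
#   encrypted unless TLS is terminated in front of these ports.

# MySQL definitions
# The error messages further down tell the user to "set the ... variable", so
# an existing environment value takes precedence over the built-in default.
MYSQL_USER=${MYSQL_USER:-keystone}
MYSQL_DATABASE=${MYSQL_DATABASE:-keystone}
MYSQL_PASSWORD=${MYSQL_PASSWORD:-my_password}
MYSQL_HOST=${MYSQL_HOST:-10.1.6.228}
MASTER=${MASTER:-10.1.6.228}

# Keystone definitions
KEYSTONE_REGION=${KEYSTONE_REGION:-RegionOne}
SERVICE_ENDPOINT=${SERVICE_ENDPOINT:-http://10.1.6.228:35357/v2.0}

# other definitions

while getopts "u:D:p:m:K:R:E:S:T:vh" opt; do
  case "$opt" in
    u)
      MYSQL_USER=$OPTARG
      ;;
    D)
      MYSQL_DATABASE=$OPTARG
      ;;
    p)
      MYSQL_PASSWORD=$OPTARG
      ;;
    m)
      MYSQL_HOST=$OPTARG
      ;;
    K)
      MASTER=$OPTARG
      ;;
    R)
      KEYSTONE_REGION=$OPTARG
      ;;
    E)
      export SERVICE_ENDPOINT=$OPTARG
      ;;
    S)
      SWIFT_MASTER=$OPTARG
      ;;
    T)
      export SERVICE_TOKEN=$OPTARG
      ;;
    v)
      # Tracing prints every expanded command line to stderr.
      set -x
      ;;
    h)
      cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
       [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ]
       [ -S swift_master ] [ -T keystone_token ]

Add -v for verbose mode, -h to display this message.
EOF
      exit 0
      ;;
    \?)
      echo "Unknown option -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      exit 1
      ;;
  esac
done

if [ -z "$KEYSTONE_REGION" ]; then
  echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_TOKEN" ]; then
  echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_ENDPOINT" ]; then
  echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
  missing_args="true"
fi

if [ -z "$MYSQL_PASSWORD" ]; then
  echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
  missing_args="true"
fi

if [ -n "$missing_args" ]; then
  exit 1
fi

# The keystone client reads both values from its environment; export them so
# the built-in SERVICE_ENDPOINT default also reaches it.
export SERVICE_ENDPOINT SERVICE_TOKEN

keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name volume --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name swift --type object-store --description 'OpenStack Storage Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'

# Create the endpoint for one service.
#   $1 - service type (compute, volume, image, object-store, identity, ec2)
#   $2 - Keystone service id
# Any other service type is silently ignored.
create_endpoint () {
  case "$1" in
    compute)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service_id "$2" \
        --publicurl "http://${MASTER}:8774/v2/%(tenant_id)s" \
        --adminurl "http://${MASTER}:8774/v2/%(tenant_id)s" \
        --internalurl "http://${MASTER}:8774/v2/%(tenant_id)s"
      ;;
    volume)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service_id "$2" \
        --publicurl "http://${MASTER}:8776/v1/%(tenant_id)s" \
        --adminurl "http://${MASTER}:8776/v1/%(tenant_id)s" \
        --internalurl "http://${MASTER}:8776/v1/%(tenant_id)s"
      ;;
    image)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service_id "$2" \
        --publicurl "http://${MASTER}:9292/v1" \
        --adminurl "http://${MASTER}:9292/v1" \
        --internalurl "http://${MASTER}:9292/v1"
      ;;
    object-store)
      # Swift lives on SWIFT_MASTER when -S was given, otherwise on MASTER.
      _swift_host=${SWIFT_MASTER:-$MASTER}
      keystone endpoint-create --region "$KEYSTONE_REGION" --service_id "$2" \
        --publicurl "http://${_swift_host}:8080/v1/AUTH_%(tenant_id)s" \
        --adminurl "http://${_swift_host}:8080/v1" \
        --internalurl "http://${_swift_host}:8080/v1/AUTH_%(tenant_id)s"
      ;;
    identity)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service_id "$2" \
        --publicurl "http://${MASTER}:5000/v2.0" \
        --adminurl "http://${MASTER}:35357/v2.0" \
        --internalurl "http://${MASTER}:5000/v2.0"
      ;;
    ec2)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service_id "$2" \
        --publicurl "http://${MASTER}:8773/services/Cloud" \
        --adminurl "http://${MASTER}:8773/services/Admin" \
        --internalurl "http://${MASTER}:8773/services/Cloud"
      ;;
  esac
}

# Hand the password to mysql through a private option file instead of
# -p<password> on the command line, where it would show up in the process list.
mysql_cnf=$(mktemp) || exit 1
trap 'rm -f -- "$mysql_cnf"' EXIT
trap 'exit 1' HUP INT TERM
# The subshell switches tracing off so -v does not print the password.
# NOTE(review): a password containing a double quote or a backslash would need
# escaping for the option-file syntax.
( set +x; printf '[client]\npassword="%s"\n' "$MYSQL_PASSWORD" ) > "$mysql_cnf" || exit 1

nl='
'
for i in compute volume image object-store identity ec2; do
  # $i only ever takes the fixed values listed above, so building the query
  # by interpolation is safe here; do not feed it external input.
  id=$(mysql --defaults-extra-file="$mysql_cnf" -h "$MYSQL_HOST" -u "$MYSQL_USER" \
    "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='$i';") || exit 1
  if [ -z "$id" ]; then
    echo "No service of type $i found in the Keystone database" >&2
    exit 1
  fi
  # A second run of this script registers every service again; use the first
  # id, as the unquoted original did, but say so.
  first_id=${id%%"$nl"*}
  if [ "$first_id" != "$id" ]; then
    echo "Warning: several services of type $i found, using $first_id" >&2
  fi
  create_endpoint "$i" "$first_id"
done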
22 查看设置是否正确
keystone tenant-list keystone user-list keystone role-list
23 安装glance服务
apt-get install -y glance glance-api glance-client glance-common glance-registry python-glance
24 修改配置文件/etc/glance/glance-api.conf和/etc/glance/glance-registry.conf
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
admin_tenant_name = service
admin_user = glance
admin_password = password
25 修改/etc/glance/glance-registry.conf使用mysql连接
# 原页面此处被邮件地址保护脚本替换成了"[email protected]",原始格式为 mysql://用户:密码@主机/库名
sql_connection = mysql://glance:<密码>@<数据库主机>/glance
26 修改/etc/glance/glance-registry.conf和/etc/glance/glance-api.conf,添加如下
[paste_deploy]
flavor = keystone
27 重启glance相关服务
service glance-api restart && service glance-registry restart
28 初始化glance数据库
glance-manage version_control 0
glance-manage db_sync
29 再次重启glance服务
service glance-api restart && service glance-registry restart
30 测试glance,无输出即正常
glance index
31 上传自制的镜像
glance add name="debian6 initrd" disk_format=qcow2 container_format=ovf is_public=true < initrd.img-2.6.32-5-amd64 glance add name="debian6 vmlinuz" disk_format=qcow2 container_format=ovf is_public=true < vmlinuz-2.6.32-5-amd64 glance add name="debian6 OS" disk_format=qcow2 container_format=ovf is_public=true ramdisk_id=b0d124c4-df3c-4939-9112-da421894c0a6 kernel_id=959c170c-5058-4154-a7c1-45caa691c505 < debian6.img
32 测试glance,会看到上传的镜像
33 安装nova组件
apt-get install -y nova-api nova-cert nova-common nova-objectstore nova-scheduler nova-volume nova-consoleauth novnc python-nova python-novaclient nova-compute nova-compute-kvm nova-network
34 修改/etc/nova/api-paste.ini文件
#admin_tenant_name = %SERVICE_TENANT_NAME% #admin_user = %SERVICE_USER% #admin_password = %SERVICE_PASSWORD% admin_tenant_name = service admin_user = nova admin_password = password
35 修改/etc/nova/nova.conf配置文件
[DEFAULT]
###### LOGS/STATE
#verbose=True
verbose=False
###### AUTHENTICATION
auth_strategy=keystone
###### SCHEDULER
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_driver=nova.scheduler.simple.SimpleScheduler
###### VOLUMES
volume_group=nova-volumes
volume_name_template=volume-%08x
iscsi_helper=tgtadm
###### DATABASE
# 原页面此处被邮件地址保护脚本替换成了"[email protected]",原始格式为 mysql://用户:密码@主机/库名
sql_connection=mysql://nova:<密码>@<数据库主机>/nova
###### COMPUTE
libvirt_type=kvm
#libvirt_type=qemu
connection_type=libvirt
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
allow_resize_to_same_host=True
libvirt_use_virtio_for_bridges=true
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true
###### APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
allow_admin_api=true
s3_host=10.1.6.228
cc_host=10.1.6.228
###### RABBITMQ
rabbit_host=10.1.6.228
###### GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=10.1.6.228:9292
###### NETWORK
network_manager=nova.network.manager.FlatManager
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=em1
flat_interface=em1
flat_network_bridge=br100
fixed_range=10.1.6.0/24
multi_host=true
###### NOVNC CONSOLE
novnc_enabled=true
novncproxy_base_url= http://10.1.6.228:6080/vnc_auto.html
vncserver_proxyclient_address=10.1.6.228
vncserver_listen=10.1.6.228
########Nova
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
#####MISC
use_deprecated_auth=false
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
36 重启相关服务
service rabbitmq-server restart
service libvirt-bin restart
service nova-scheduler restart
service nova-network restart
service nova-cert restart
service nova-compute restart
service nova-api restart
service nova-objectstore restart
service nova-volume restart
37 初始化nova数据库
nova-manage db sync
38 创建fix ip
nova-manage network create private --fixed_range_v4=10.1.6.0/24 --num_networks=1 --bridge=br100 --bridge_interface=em1 --network_size=256 --multi_host=T
39 再次重启nova服务
service rabbitmq-server restart
service libvirt-bin restart
service nova-scheduler restart
service nova-network restart
service nova-cert restart
service nova-compute restart
service nova-api restart
service nova-objectstore restart
service nova-volume restart
40 测试nova服务是否启动正常
nova-manage service list
41 安装horizon
apt-get install -y apache2 libapache2-mod-wsgi openstack-dashboard
42 访问dashboard
http://10.1.6.228/horizon
43 添加安全组规则,会让输入验证密码。下面两条规则对所有来源(0.0.0.0/0)开放SSH(22端口)和ICMP;正式环境应把来源地址收窄到管理网段。
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
44 查看有哪些镜像可以使用,需要输入验证密码
nova image-list
45 查看哪些网络可以用
nova-manage network list
46 启动你的第一个vm,需要输入验证密码
nova boot --flavor 1 --image 1032f24a-3dd2-4fbe-a4df-e016c795bedb --nic net-id=ef99e9d5-252b-41c0-bef9-a47600a0834f,v4-fixed-ip=10.1.6.229 vm1
47 安装vnc
apt-get install nova-novncproxy nova-xvpvncproxy novnc python-novnc
48 不完美的修改:因为启动时指定的是固定IP,但是我的镜像当初做的是DHCP获取,所以IP并没有真正注入vm中,需要在dashboard里用vnc进入vm修改ip地址,然后即可登录。
49 在控制节点查看服务是否正常
nova-manage service list