Contents
1 System requirements
2 Controller node
2.1 Initial setup
2.1.1 EPEL repository
2.1.2 Network settings
2.1.3 Iptables
3 Environment variables
4 QPID
5 Keystone
6 Glance
7 Cinder
8 Nova
9 Quantum
10 Horizon
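System requirements
CentOS 6.3
Two network interfaces
A separate partition, used by cinder-volume
SELinux disabled
Controller node
Initial setup
EPEL repository
We need to enable the EPEL repository: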
rpm -ivh http://mirrors.163.com/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
Network settings
eth0 has a static IP and can reach the external network.
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
HWADDR=00:E0:81:D8:43:BE
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.50.9.240
NETMASK=255.255.255.0
eth1 settings
cat > /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
DEVICE=eth1
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
EOF
Iptables
sed -i 's/enforcing/disabled/g' /etc/selinux/config
I have already disabled SELinux.
chkconfig iptables off
service iptables stop
Because of a bug in the current package, the following is needed:
cat > /etc/sysconfig/modules/openstack-quantum-linuxbridge.modules << EOF
#!/bin/sh
modprobe -b bridge >/dev/null 2>&1
exit 0
EOF
Set the file permissions
chmod ugo+x /etc/sysconfig/modules/openstack-quantum-linuxbridge.modules
Edit /etc/sysctl.conf
net.ipv4.ip_forward = 1
Red Hat's OpenStack configuration tools
yum install openstack-utils dnsmasq-utils
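Reboot the machine
Environment variables
I set the environment variables this way only to keep the installation simple and reliable; it may occasionally be a little misleading. For a detailed explanation, refer to the original document; the settings here differ slightly from it.
Create the directory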
mkdir /root/work
Create the environment variable file; you can change the passwords to suit your needs.
cat >/root/work/novarc <<EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=$(openssl rand -hex 10)
export MASTER="$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF
Apply the variables
source /root/work/novarc
Generate the token file
echo $SERVICE_TOKEN > /root/work/ks_admin_token
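An added example, not part of the original walkthrough: the same credentials file written with random secrets and owner-only permissions, plus a check that flags guessable values such as the ones used above. The helper names rand_hex, write_novarc and weak_secrets, the word list and the 16-character threshold are assumptions; the MASTER line is left out so the block runs on any host.

```shell
#!/bin/sh
# Added example; rand_hex, write_novarc and weak_secrets are hypothetical helpers.

rand_hex() {    # 16 random bytes as 32 hex characters
    openssl rand -hex 16 2>/dev/null ||
        od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

write_novarc() {    # $1 = target directory
    (
        umask 077    # directory and file are created for the owner only
        mkdir -p "$1"
        # Unquoted EOF: each $(rand_hex) is expanded once, when the file is written.
        cat > "$1/novarc" <<EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$(rand_hex)
export MYSQL_PASS=$(rand_hex)
export SERVICE_PASSWORD=$(rand_hex)
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=$(rand_hex)
EOF
        chmod 600 "$1/novarc"    # also tightens a file that already existed
    )
}

# Print each PASS/PASSWORD/TOKEN variable whose value is a common default
# (assumed word list) or shorter than 16 characters (assumed threshold).
weak_secrets() {    # $1 = novarc-style file
    awk -F= '/^export [A-Z_]*(PASS|PASSWORD|TOKEN)=/ {
        name = $1; sub(/^export /, "", name)
        value = $2; gsub(/"/, "", value)
        if (value ~ /^(admin|password|secret|changeme)$/ || length(value) < 16)
            print name
    }' "$1"
}
```

Running weak_secrets against the file from the walkthrough lists OS_PASSWORD, MYSQL_PASS and SERVICE_PASSWORD; against a file produced by write_novarc it prints nothing.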
QPID
This is Red Hat's replacement for RabbitMQ. The configuration here allows it to be used directly, without authentication.
yum install qpid-cpp-server
sed -i -e 's/auth=.*/auth=no/g' /etc/qpidd.conf
chkconfig qpidd on
service qpidd start
Keystone
Installing keystone also installs MySQL, and you need to set the root password; I set it to password here.
yum install openstack-keystone
openstack-db --init --service keystone
Configuration
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
chkconfig openstack-keystone on
service openstack-keystone start
Add the admin tenant, role and user
keystone user-create --name admin --pass $OS_PASSWORD
keystone role-create --name admin
keystone tenant-create --name admin
user=$(keystone user-list | awk '/admin/ {print $2}')
role=$(keystone role-list | awk '/admin/ {print $2}')
tenant=$(keystone tenant-list | awk '/admin/ {print $2}')
keystone user-role-add --user-id $user --role-id $role --tenant-id $tenant
Set up the Keystone endpoint
keystone service-create --name=keystone --type=identity \
--description="Keystone Identity Service"
service=$(keystone service-list | awk '/keystone/ {print $2}')
keystone endpoint-create --region RegionOne \
--service_id $service \
--publicurl 'http://'"$MASTER"':5000/v2.0' \
--adminurl 'http://127.0.0.1:35357/v2.0' \
--internalurl 'http://127.0.0.1:5000/v2.0'
Create a user chenshake, with the user role, in the redhat tenant
keystone user-create --name chenshake --pass chenshake
keystone role-create --name user
keystone tenant-create --name redhat
user=$(keystone user-list | awk '/chenshake/ {print $2}')
role=$(keystone role-list | awk '/user/ {print $2}')
tenant=$(keystone tenant-list | awk '/redhat/ {print $2}')
keystone user-role-add --user-id $user --role-id $role --tenant-id $tenant
Check
ps -ef | grep -i keystone-all
grep ERROR /var/log/keystone/keystone.log
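An added example, not from the original post: the lookups above use `awk '/admin/ {print $2}'`, which selects every row containing the pattern anywhere, so a second row that mentions "admin" (an e-mail address, a user named admin2) yields two IDs and the role grant no longer targets a single account. The hypothetical helper id_by_name matches the name column exactly and fails unless exactly one row matches; the table is constructed sample output, not captured from a real system.

```shell
#!/bin/sh
# Constructed sample of a "keystone user-list" table (IDs shortened).
SAMPLE_USERS='+------+-----------+---------+-------------------+
|  id  |    name   | enabled |       email       |
+------+-----------+---------+-------------------+
| 1a2b |   admin   |   True  |                   |
| 3c4d | chenshake |   True  | admin@example.com |
| 5e6f |  quantum  |   True  |                   |
+------+-----------+---------+-------------------+'

# id_by_name NAME: read a keystone *-list table on stdin and print the id of
# the row whose "name" column equals NAME exactly. The id and name columns are
# located from the header row, so the column order does not matter.
# Exit status 1 if zero rows or more than one row match.
id_by_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\+/ { next }                      # skip +----+ border lines
        !hdr {                              # first remaining row is the header
            for (i = 1; i <= NF; i++) {
                if (trim($i) == "id")   idcol = i
                if (trim($i) == "name") namecol = i
            }
            hdr = 1; next
        }
        trim($namecol) == want { id = trim($idcol); n++ }
        END { if (n != 1) exit 1; print id }
    '
}

# Usage in the walkthrough would look like:
#   user=$(keystone user-list | id_by_name admin) || exit 1
#   keystone user-role-add --user-id "$user" --role-id "$role" --tenant-id "$tenant"
```

On the sample table the pattern match returns both 1a2b and 3c4d for "admin", while id_by_name returns only 1a2b.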
Glance
Installation
yum install openstack-glance
openstack-db --init --service glance
Configuration
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_token $SERVICE_TOKEN
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_token $SERVICE_TOKEN
Start the services
chkconfig openstack-glance-registry on
chkconfig openstack-glance-api on
service openstack-glance-registry start
service openstack-glance-api start
Glance endpoint in Keystone
keystone service-create --name=glance --type=image \
--description="Glance Image Service"
service=$(keystone service-list | awk '/glance/ {print $2}')
keystone endpoint-create --service_id $service \
--publicurl 'http://'"$MASTER"':9292/v1' \
--adminurl http://127.0.0.1:9292/v1 \
--internalurl http://127.0.0.1:9292/v1
Cinder
Installation
yum install openstack-cinder
openstack-db --init --service cinder
Partition
umount /dev/sda2
pvcreate /dev/sda2
vgcreate cinder-volumes /dev/sda2
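Remove the partition's mount entry. When I installed the OS I set aside a dedicated partition, nova volume; if the entry is not removed, rebooting will cause trouble.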
sed -i '/nova-volume/s/^/#/' /etc/fstab
Configuration
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/api-paste.ini filter:authtoken admin_token $SERVICE_TOKEN
grep -q /etc/cinder/volumes /etc/tgt/targets.conf || sed -i '1iinclude /etc/cinder/volumes/*' /etc/tgt/targets.conf
Services
chkconfig tgtd on
service tgtd start
chkconfig openstack-cinder-api on
chkconfig openstack-cinder-scheduler on
chkconfig openstack-cinder-volume on
service openstack-cinder-api start
service openstack-cinder-scheduler start
service openstack-cinder-volume start
Cinder endpoint in Keystone
keystone service-create --name=cinder --type=volume \
--description="Cinder Volume Service"
service=$(keystone service-list | awk '/cinder/ {print $2}')
keystone endpoint-create --service_id $service \
--publicurl "http://$MASTER:8776/v1/\$(tenant_id)s" \
--adminurl "http://127.0.0.1:8776/v1/\$(tenant_id)s" \
--internalurl "http://127.0.0.1:8776/v1/\$(tenant_id)s"
Check
grep -i ERROR /var/log/cinder/*
grep CRITICAL /var/log/cinder/*
tail -f /var/log/cinder/*.log
Nova
Installation
The package dependencies currently have a problem, so the qemu-img package has to be installed first.
yum install qemu-img
yum install openstack-nova
openstack-db --init --service nova
Configuration
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_token $SERVICE_TOKEN
openstack-config --set /etc/nova/nova.conf DEFAULT flat_interface eth1
openstack-config --set /etc/nova/nova.conf DEFAULT public_interface eth0
openstack-config --set /etc/nova/nova.conf DEFAULT volume_api_class nova.volume.cinder.API
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis ec2,osapi_compute,metadata
Services
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-objectstore on
chkconfig openstack-nova-scheduler on
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-objectstore start
service openstack-nova-scheduler start
Nova endpoint in Keystone
keystone service-create --name=nova --type=compute \
--description="Nova Compute Service"
service=$(keystone service-list | awk '/nova/ {print $2}')
keystone endpoint-create --service_id $service \
--publicurl "http://$MASTER:8774/v1.1/\$(tenant_id)s" \
--adminurl "http://127.0.0.1:8774/v1.1/\$(tenant_id)s" \
--internalurl "http://127.0.0.1:8774/v1.1/\$(tenant_id)s"
Quantum
During installation you will be asked which network interface to use for the VLAN trunk; here it is eth1.
yum install openstack-quantum openstack-quantum-linuxbridge gedit
quantum-server-setup --plugin linuxbridge
Edit /usr/lib/python2.6/site-packages/quantum/agent/linux/iptables_manager.py (lines 272-273 of the file); this works around a bug in the current package:
# s = [('/sbin/iptables', self.ipv4)]
s = [('iptables', self.ipv4)]
Services
chkconfig quantum-server on
service quantum-server start
Setup and start L2 agent (LinuxBridge plugin)
quantum-node-setup --plugin linuxbridge
You will be prompted for the hostname of the quantum server; just enter its IP address.
Configuration
openstack-config --set /etc/quantum/plugin.ini VLANS tenant_network_type vlan
openstack-config --set /etc/quantum/plugin.ini VLANS network_vlan_ranges physnet1,physnet2:100:199
openstack-config --set /etc/quantum/plugin.ini LINUX_BRIDGE physical_interface eth0,eth1
openstack-config --set /etc/quantum/plugin.ini LINUX_BRIDGE physical_interface_mappings physnet1:eth0,physnet2:eth1
Start the services
chkconfig quantum-linuxbridge-agent on
service quantum-linuxbridge-agent start
Set up the DHCP agent
# quantum-dhcp-setup --plugin linuxbridge
Quantum plugin: linuxbridge
Please enter the Quantum hostname:
10.1.199.6
Configuration updates complete!
Services
chkconfig quantum-dhcp-agent on
service quantum-dhcp-agent start
Setup and start L3 agent.
quantum-l3-setup --plugin linuxbridge
chkconfig quantum-l3-agent on
service quantum-l3-agent start
Quantum endpoint in Keystone
keystone service-create --name quantum --type network \
--description 'OpenStack Networking Service'
service=$(keystone service-list | awk '/quantum/ {print $2}')
keystone endpoint-create \
--service-id $service \
--publicurl "http://$MASTER:9696/" --adminurl "http://127.0.0.1:9696/" \
--internalurl "http://127.0.0.1:9696/"
Create the quantum service user; my understanding is that quantum currently cannot authenticate with the token.
keystone user-create --name quantum --pass $SERVICE_PASSWORD
keystone tenant-create --name service
user=$(keystone user-list | awk '/quantum/ {print $2}')
role=$(keystone role-list | awk '/admin/ {print $2}')
tenant=$(keystone tenant-list | awk '/service/ {print $2}')
keystone user-role-add --user-id $user --role-id $role --tenant-id $tenant
Nova support for quantum
openstack-config --set /etc/nova/nova.conf DEFAULT quantum_admin_username quantum
openstack-config --set /etc/nova/nova.conf DEFAULT quantum_admin_password $SERVICE_PASSWORD
openstack-config --set /etc/nova/nova.conf DEFAULT quantum_admin_tenant_name service
Restart the services
service openstack-nova-api restart
service openstack-nova-cert restart
service openstack-nova-objectstore restart
service openstack-nova-scheduler restart
Horizon
yum install openstack-dashboard
chkconfig httpd on
service httpd start