Network environment
Hostname IP address Services
essex-controller 10.193.17.102 keystone,glance,nova,ec2,rabbitmq,dashboard
essex-compute01 10.193.17.101 nova
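This article records what I learned while setting up this environment. It has been verified; VNC still has problems, but that does not really affect the result. The next thing to look into is the new networking module, quantum.
1 System requirements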
ubuntu 12.04
apt-get update && apt-get upgrade -y
Then edit /etc/hosts
10.193.17.102 essex-controller
10.193.17.101 essex-compute01
2 apt-get install -y ntp
3 Install keystone and mysql
apt-get install keystone
rm /var/lib/keystone/keystone.db
apt-get install python-mysqldb mysql-server
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Hjkl1234';
GRANT ALL ON keystone.* TO 'keystone'@'essex-controller' IDENTIFIED BY 'Hjkl1234';
flush privileges;
Change the following two lines in /etc/keystone/keystone.conf, commenting out the originals
admin_token = Hjkl1234
connection = mysql://keystone:[email protected]/keystone
service keystone restart
keystone-manage db_sync
Create a tenant with keystone
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 tenant-create --name openstack --description "Default Tenant" --enabled true
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Default Tenant |
| enabled | True |
| id | 6444a344abd14a32aaf3f9ba156ec162 |
| name | openstack |
+-------------+----------------------------------+
Create a user under the tenant
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 6444a344abd14a32aaf3f9ba156ec162 --name admin --pass Hjkl1234 --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 214b9c6c9105410292c98402413e6afa |
| name | admin |
| password | $6$rounds=40000$q3zWcK84rdE3Hvjt$GHeNO9ju27a5Pj5L9ArM0MaoVjVuGVdztDJ8JiCRH9EW61T2Dn2KbPe083Y2a7VCmoNYuPpOHAmrM9WFDu0yW1 |
| tenantId | 6444a344abd14a32aaf3f9ba156ec162 |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Create the roles for users (two are created here, admin and memberRole)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 role-create --name admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 7714dad3d4e14c0c838c1b970572cc15 |
| name | admin |
+----------+----------------------------------+
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 role-create --name memberRole
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | d0670b34e2084649904e7cfd70508ae4 |
| name | memberRole |
+----------+----------------------------------+
Grant the admin role to the admin user in the openstack tenant (this command should print no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 214b9c6c9105410292c98402413e6afa --tenant_id 6444a344abd14a32aaf3f9ba156ec162 --role 7714dad3d4e14c0c838c1b970572cc15
Next, start adding the services
1. Create a tenant for services; this tenant contains all the services
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 tenant-create --name service --description "Service Tenant" --enabled true
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 734a587e7c4e48a0ab4c28fb9c47682f |
| name | service |
+-------------+----------------------------------+
2. Create the glance service
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name glance --pass glance --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 40500ca6834740519b70dc0eeae2b364 |
| name | glance |
| password | $6$rounds=40000$/Yepnc3hY7Cn.TmA$OlJegXoxUHyRn9aHDyFOCnD9CcTUS6QSTRwDQ3I9XZ937T7.1vjGwMg4ydt3S7e/2d8nayJek/j9ot/kACUsI/ |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the glance user in the service tenant (this command should print no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 40500ca6834740519b70dc0eeae2b364 --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
3. Create the nova service
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name nova --pass nova --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 15632b7a83f64ac7b51d23d1e5bbff63 |
| name | nova |
| password | $6$rounds=40000$VQBd7WcHjy68cYqS$Jxyq6GrQAOJdD2Tfn7ImXg13ZZ.YmMsDLITqf6/fK2Zyv75womwo75.YFRdhcR6xdVd7WdQY1HaPJFqz9WjzI0 |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the nova user in the service tenant (this command should print no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 15632b7a83f64ac7b51d23d1e5bbff63 --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
4. Create the EC2 service
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name ec2 --pass ec2 --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | 48eebb4b138b4a60a75113c5ff4fad9a |
| name | ec2 |
| password | $6$rounds=40000$kmgkePa4iIfYk/tX$SA1sLHlorxRs2N36RqJYpFW5NyOfQmN09NFymDwloXZEZo0eAiQxzbVOvcrVbjln5/fP8PUh4v2QkXgPlUnxp/ |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the ec2 user in the service tenant (this command should print no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user 48eebb4b138b4a60a75113c5ff4fad9a --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
5. Create the swift service (my environment has no storage, so it is not used)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name swift --pass swift --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email | None |
| enabled | True |
| id | b76183b5e8bf4303a33e8995418f870c |
| name | swift |
| password | $6$rounds=40000$ePVnxZYqUhrVPZFX$b7tVj2ZQwE6K5wBdfoEKk9uIAWEYWA79FMSLj2yO1s0veU2Zf2g9v7zlp9mdbGLkrEhuYQnfPfMV17RT2d76A1 |
| tenantId | 734a587e7c4e48a0ab4c28fb9c47682f |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the swift user in the service tenant (this command should print no output)
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-role-add --user b76183b5e8bf4303a33e8995418f870c --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --role 7714dad3d4e14c0c838c1b970572cc15
Create the keystone services and endpoints
1. Define the identity service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=keystone \
--type=identity \
--description="Keystone Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keystone Identity Service |
| id | e1db6408b82748a9ab191f6357776651 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=e1db6408b82748a9ab191f6357776651 \
--publicurl=http://10.193.17.102:5000/v2.0 \
--internalurl=http://10.193.17.102:5000/v2.0 \
--adminurl=http://10.193.17.102:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://10.193.17.102:35357/v2.0 |
| id | 5bae7d5e9df44a9b8737e1940e8303d1 |
| internalurl | http://10.193.17.102:5000/v2.0 |
| publicurl | http://10.193.17.102:5000/v2.0 |
| region | RegionOne |
| service_id | e1db6408b82748a9ab191f6357776651 |
+-------------+----------------------------------+
2. Define the compute service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=nova \
--type=compute \
--description="Nova Compute Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Nova Compute Service |
| id | a0d5524cb6f042f4ad4c899a11895125 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=a0d5524cb6f042f4ad4c899a11895125 \
--publicurl='http://10.193.17.102:8774/v2/%(tenant_id)s' \
--internalurl='http://10.193.17.102:8774/v2/%(tenant_id)s' \
--adminurl='http://10.193.17.102:8774/v2/%(tenant_id)s'
+-------------+--------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------+
| adminurl | http://10.193.17.102:8774/v2/%(tenant_id)s |
| id | 7ef213eab7094223a56c9a65fb12b76a |
| internalurl | http://10.193.17.102:8774/v2/%(tenant_id)s |
| publicurl | http://10.193.17.102:8774/v2/%(tenant_id)s |
| region | RegionOne |
| service_id | a0d5524cb6f042f4ad4c899a11895125 |
+-------------+--------------------------------------------+
3. Define the volume service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=volume \
--type=volume \
--description="Nova Volume Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Nova Volume Service |
| id | e081ff3318fb423cb9590204f3d9737a |
| name | volume |
| type | volume |
+-------------+----------------------------------+
TENANT=734a587e7c4e48a0ab4c28fb9c47682f
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=e081ff3318fb423cb9590204f3d9737a \
--publicurl='http://10.193.17.102:8776/v1/%(tenant_id)s' \
--internalurl='http://10.193.17.102:8776/v1/%(tenant_id)s' \
--adminurl='http://10.193.17.102:8776/v1/%(tenant_id)s'
+-------------+--------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------+
| adminurl | http://10.193.17.102:8776/v1/%(tenant_id)s |
| id | 059b03b6c36d46919f08d6f86c9c820c |
| internalurl | http://10.193.17.102:8776/v1/%(tenant_id)s |
| publicurl | http://10.193.17.102:8776/v1/%(tenant_id)s |
| region | RegionOne |
| service_id | e081ff3318fb423cb9590204f3d9737a |
+-------------+--------------------------------------------+
4. Define the image service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=glance \
--type=image \
--description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | a00c651854dc4bf39471f905e90e0648 |
| name | glance |
| type | image |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=a00c651854dc4bf39471f905e90e0648 \
--publicurl=http://10.193.17.102:9292/v1 \
--internalurl=http://10.193.17.102:9292/v1 \
--adminurl=http://10.193.17.102:9292/v1
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://10.193.17.102:9292/v1 |
| id | 8484aa912b5d46fe81a359c7abef9b12 |
| internalurl | http://10.193.17.102:9292/v1 |
| publicurl | http://10.193.17.102:9292/v1 |
| region | RegionOne |
| service_id | a00c651854dc4bf39471f905e90e0648 |
+-------------+----------------------------------+
5. Define the EC2 service
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=ec2 \
--type=ec2 \
--description="EC2 Compatibility Layer"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | EC2 Compatibility Layer |
| id | 2bf39cecd53749aab495dc188cac81bf |
| name | ec2 |
| type | ec2 |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=2bf39cecd53749aab495dc188cac81bf \
--publicurl=http://10.193.17.102:8773/services/Cloud \
--internalurl=http://10.193.17.102:8773/services/Cloud \
--adminurl=http://10.193.17.102:8773/services/Admin
+-------------+------------------------------------------+
| Property | Value |
+-------------+------------------------------------------+
| adminurl | http://10.193.17.102:8773/services/Admin |
| id | 26ffe3549d504af3bbd8cba090659402 |
| internalurl | http://10.193.17.102:8773/services/Cloud |
| publicurl | http://10.193.17.102:8773/services/Cloud |
| region | RegionOne |
| service_id | 2bf39cecd53749aab495dc188cac81bf |
+-------------+------------------------------------------+
6. Define the swift service (optional here, since there is no swift environment)
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
service-create \
--name=swift \
--type=object-store \
--description="Object Storage Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Object Storage Service |
| id | 42a7e3d582a84fffbbcb833eb756baa1 |
| name | swift |
| type | object-store |
+-------------+----------------------------------+
keystone --token Hjkl1234 \
--endpoint http://10.193.17.102:35357/v2.0/ \
endpoint-create \
--region RegionOne \
--service_id=42a7e3d582a84fffbbcb833eb756baa1 \
--publicurl='http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s' \
--adminurl='http://127.0.0.1:8080/' \
--internalurl='http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s'
+-------------+---------------------------------------------+
| Property | Value |
+-------------+---------------------------------------------+
| adminurl | http://127.0.0.1:8080/ |
| id | 51445ceebe7c4bdba1ed31036c4112b1 |
| internalurl | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| publicurl | http://127.0.0.1:8080/v1/AUTH_$(tenant_id)s |
| region | RegionOne |
| service_id | 42a7e3d582a84fffbbcb833eb756baa1 |
+-------------+---------------------------------------------+
Verify the keystone service
sudo apt-get install curl openssl
Command format: curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
The command here is
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "admin", "password": "Hjkl1234"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
Output
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 352 0 244 100 108 1920 850 --:--:-- --:--:-- --:--:-- 2000
{
"access": {
"serviceCatalog": {},
"token": {
"expires": "2012-05-05T05:39:12Z",
"id": "56aa4c0660274d7eb496b3de7c0eaa7d"
},
"user": {
"id": "214b9c6c9105410292c98402413e6afa",
"name": "admin",
"roles": [],
"roles_links": [],
"username": "admin"
}
}
}
This should be correct
This command can also be used
curl -d '{"auth": {"tenantName": "openstack", "passwordCredentials":{"username": "admin", "password": "Hjkl1234"}}}' -H "Content-type: application/json" http://10.193.17.102:35357/v2.0/tokens | python -mjson.tool
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2258 0 2152 100 106 13731 676 --:--:-- --:--:-- --:--:-- 14251
{
"access": {
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
"internalURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
"publicURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "nova",
"type": "compute"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:9292/v1",
"internalURL": "http://10.193.17.102:9292/v1",
"publicURL": "http://10.193.17.102:9292/v1",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "glance",
"type": "image"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162",
"internalURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162",
"publicURL": "http://10.193.17.102:8776/v1/6444a344abd14a32aaf3f9ba156ec162",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "volume",
"type": "volume"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:8773/services/Admin",
"internalURL": "http://10.193.17.102:8773/services/Cloud",
"publicURL": "http://10.193.17.102:8773/services/Cloud",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "ec2",
"type": "ec2"
},
{
"endpoints": [
{
"adminURL": "http://127.0.0.1:8080/",
"internalURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162",
"publicURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "swift",
"type": "object-store"
},
{
"endpoints": [
{
"adminURL": "http://10.193.17.102:35357/v2.0",
"internalURL": "http://10.193.17.102:5000/v2.0",
"publicURL": "http://10.193.17.102:5000/v2.0",
"region": "RegionOne"
}
],
"endpoints_links": [],
"name": "keystone",
"type": "identity"
}
],
"token": {
"expires": "2012-05-05T05:42:50Z",
"id": "07b85322e0904098a4e2bdbc257a998c",
"tenant": {
"description": "Default Tenant",
"enabled": true,
"id": "6444a344abd14a32aaf3f9ba156ec162",
"name": "openstack"
}
},
"user": {
"id": "214b9c6c9105410292c98402413e6afa",
"name": "admin",
"roles": [
{
"id": "7714dad3d4e14c0c838c1b970572cc15",
"name": "admin"
}
],
"roles_links": [],
"username": "admin"
}
}
}
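Added example (not part of the original article): a Python check over a Keystone v2.0 /tokens response that tells the unscoped reply (no tenant, empty catalog, no roles) from the scoped one, and flags catalog endpoints that are plain HTTP or point at loopback, as the swift endpoint registered above does. The sample responses are constructed by trimming the output shown here and replacing the token ids with placeholders; summarize, endpoint_findings and is_loopback are hypothetical names.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Constructed samples, trimmed from the two responses shown above; token ids
# are placeholders. The unscoped reply uses {} (not []) for serviceCatalog.
UNSCOPED = json.loads("""
{"access": {
  "serviceCatalog": {},
  "token": {"expires": "2012-05-05T05:39:12Z", "id": "PLACEHOLDER-TOKEN-ID"},
  "user": {"id": "214b9c6c9105410292c98402413e6afa", "name": "admin",
           "roles": [], "roles_links": [], "username": "admin"}}}
""")

SCOPED = json.loads("""
{"access": {
  "serviceCatalog": [
    {"name": "nova", "type": "compute", "endpoints_links": [], "endpoints": [{
      "adminURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
      "internalURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
      "publicURL": "http://10.193.17.102:8774/v2/6444a344abd14a32aaf3f9ba156ec162",
      "region": "RegionOne"}]},
    {"name": "swift", "type": "object-store", "endpoints_links": [], "endpoints": [{
      "adminURL": "http://127.0.0.1:8080/",
      "internalURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162",
      "publicURL": "http://127.0.0.1:8080/v1/AUTH_6444a344abd14a32aaf3f9ba156ec162",
      "region": "RegionOne"}]}],
  "token": {"expires": "2012-05-05T05:42:50Z", "id": "PLACEHOLDER-TOKEN-ID",
            "tenant": {"description": "Default Tenant", "enabled": true,
                       "id": "6444a344abd14a32aaf3f9ba156ec162", "name": "openstack"}},
  "user": {"id": "214b9c6c9105410292c98402413e6afa", "name": "admin",
           "roles": [{"id": "7714dad3d4e14c0c838c1b970572cc15", "name": "admin"}],
           "roles_links": [], "username": "admin"}}}
""")


def summarize(response):
    """Report whether the token is tenant-scoped and what it grants."""
    access = response["access"]
    tenant = access["token"].get("tenant")
    catalog = access.get("serviceCatalog") or []  # {} on unscoped tokens
    return {
        "scoped": tenant is not None,
        "tenant": tenant["name"] if tenant else None,
        "roles": [r["name"] for r in access["user"].get("roles", [])],
        "services": sorted(s["type"] for s in catalog),
    }


def is_loopback(host):
    """True for localhost and loopback IP literals; False for anything else."""
    if not host:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def endpoint_findings(response):
    """Return (service, url_kind, issue) for every questionable endpoint URL."""
    findings = []
    for svc in response["access"].get("serviceCatalog") or []:
        for endpoint in svc["endpoints"]:
            for kind in ("publicURL", "internalURL", "adminURL"):
                url = endpoint.get(kind)
                if not url:
                    continue
                parsed = urlparse(url)
                if parsed.scheme != "https":
                    # credentials and tokens cross the network unencrypted
                    findings.append((svc["name"], kind, "plaintext-http"))
                if is_loopback(parsed.hostname):
                    # clients on other hosts would be sent to themselves
                    findings.append((svc["name"], kind, "loopback-host"))
    return findings


if __name__ == "__main__":
    for label, resp in (("unscoped", UNSCOPED), ("scoped", SCOPED)):
        print(label, summarize(resp))
        for finding in endpoint_findings(resp):
            print("  ", finding)
```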
4 Install the glance service
apt-get install glance
rm /var/lib/glance/glance.sqlite
Deleting this file drops sqlite mode in favour of mysql mode
Create the database
mysql -u root -p
Enter password:
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
GRANT ALL ON glance.* TO 'glance'@'essex-controller' IDENTIFIED BY 'glance';
flush privileges;
quit
Edit the glance configuration files
vi /etc/glance/glance-api-paste.ini
[pipeline:glance-api]
pipeline = versionnegotiation authtoken auth-context apiv1app
admin_tenant_name = service
admin_user = glance
admin_password = glance
vi /etc/glance/glance-api.conf
Append at the end
[paste_deploy]
flavor = keystone
Restart the service: service glance-api restart
vi /etc/glance/glance-registry.conf
sql_connection = mysql://glance:[email protected]/glance
Append at the end
[paste_deploy]
flavor = keystone
vi /etc/glance/glance-registry-paste.ini
[pipeline:glance-registry]
#pipeline = context registryapp
# NOTE: use the following pipeline for keystone
pipeline = authtoken auth-context context registryapp
[filter:authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = glance
Restart the service: service glance-registry restart
service glance-api restart
#On Ubuntu 12.04, the database tables are under version control and you must do these steps on a new install to prevent the Image service from breaking possible upgrades.
glance-manage version_control 0
glance-manage db_sync
Verify the glance service:
glance --version
glance 2012.1
First set the environment variables
vi openrc
export OS_USERNAME=admin
export OS_TENANT_NAME=openstack
export OS_PASSWORD=Hjkl1234
export OS_AUTH_URL=http://10.193.17.102:5000/v2.0/
export OS_REGION_NAME=RegionOne
source openrc
glance add name="CentOS 5.5 x86_64" is_public=true container_format=ovf disk_format=raw < /tmp/centos.img
Uploading image 'CentOS 5.5 x86_64'
================================================================================================[100%] 77.2M/s, ETA 0h 0m 0s
Added new image with ID: 338f52f9-98e1-4bc8-bd7f-a8226c82d0ca
glance index
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
ae96fc6c-2ae1-48ff-a9c4-8a449a15e9e6 CentOS 5.5 x86_64 raw ovf 10737418240
This indicates success
5 Networking
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 10.193.17.102
netmask 255.255.248.0
network 10.193.16.0
broadcast 10.193.23.255
gateway 10.193.16.1
auto eth1
iface eth1 inet static
address 10.193.113.102
netmask 255.255.248.0
auto br300
iface br300 inet static
address 10.0.0.1
netmask 255.255.255.0
bridge_stp off
bridge_fd 0
apt-get install bridge-utils
brctl addbr br300
/etc/init.d/networking restart
Configure the nova database
mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL ON nova.* TO 'nova'@'essex-controller' IDENTIFIED BY 'nova';
GRANT ALL ON nova.* TO 'nova'@'essex-compute01' IDENTIFIED BY 'nova';
flush privileges;
6 Install the Cloud Controller (RabbitMQ)
apt-get install rabbitmq-server
Change the default password of the guest user of the RabbitMQ message queue service to openstack
rabbitmqctl change_password guest openstack
Install the nova packages
apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-network
apt-get install python-novnc novnc
The following applies when openstack is started by another user
groupadd nova
usermod -g nova nova
chown -R root:nova /etc/nova
chmod 640 /etc/nova/nova.conf
nova.conf configuration
# LOGS/STATE
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose=True
# AUTHENTICATION
--auth_strategy=keystone
--keystone_ec2_url=http://10.193.17.102:5000/v2.0/ec2tokens
# SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
# VOLUMES
--volume_group=nova-volumes
--volume_name_template=volume-%08x
--iscsi_helper=tgtadm
--root_helper=sudo nova-rootwrap
# DATABASE
--sql_connection=mysql://nova:[email protected]/nova
# COMPUTE
--libvirt_type=kvm
--connection_type=libvirt
#instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--allow_resize_to_same_host=True
# APIS
#--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--ec2_host=10.193.17.102
--s3_host=10.193.17.102
# RABBITMQ
--rabbit_host=10.193.17.102
--rabbit_password=openstack
# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=10.193.17.102:9292
# NETWORK
--dhcpbridge=/usr/bin/nova-dhcpbridge
--dhcpbridge_flagfile=/etc/nova/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--force_dhcp_release=True
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
--my_ip=10.193.17.102
--public_interface=eth0
--routing_source_ip=10.193.17.102
#vlan_interface=eth0
--flat_network_bridge=br300
--flat_interface=eth1
--fixed_range=10.0.0.0/24
--floating_range=10.193.17.150/27
--libvirt_use_virtio_for_bridges
# NOVNC CONSOLE
--vnc_enabled=True
--novncproxy_base_url=http://10.193.17.102:6080/vnc_auto.html
--vncserver_proxyclient_address=10.193.17.102
--vncserver_listen=10.193.17.102
Edit the file /etc/nova/api-paste.ini
admin_tenant_name = service
admin_user = nova
admin_password = nova
Restart commands (these can be put in a script)
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler novnc nova-volume nova-consoleauth; do service "$a" restart; done
/etc/init.d/rabbitmq-server restart
nova-manage db sync
Create the internal network and the floating IPs
nova-manage network create private --fixed_range_v4=10.0.0.0/24 --num_networks=1 --bridge=br300 --bridge_interface=eth1 --network_size=250
nova-manage floating create --ip_range=10.193.113.150/27
Restart the services
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler novnc nova-volume nova-consoleauth; do service "$a" restart; done
/etc/init.d/rabbitmq-server restart
7 Install the dashboard
apt-get install -y memcached libapache2-mod-wsgi openstack-dashboard
Edit /etc/openstack-dashboard/local_settings.py
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
This setting must match the parameters in /etc/memcached.conf
mysql -u root -p
create database dash;
GRANT ALL ON dash.* TO 'dash'@'%' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'essex-controller' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'essex-compute01' IDENTIFIED BY 'dash';
GRANT ALL ON dash.* TO 'dash'@'localhost' IDENTIFIED BY 'dash';
flush privileges;
Add this block to /etc/openstack-dashboard/local_settings.py
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'dash',
'USER': 'dash',
'PASSWORD': 'dash',
'HOST': 'localhost',
'default-character-set': 'utf8'
},
}
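Added example (not part of the original article): a Python audit over the kinds of credential lines this guide uses (GRANT statements, keystone user-create commands, admin_token). It reports MySQL accounts granted to the '%' wildcard host, passwords equal to the account name, and one secret reused across accounts, then emits host-scoped GRANTs with a generated password. The sample text is constructed from lines in this guide; collect, audit and scoped_grants are hypothetical names.

```python
import re
import secrets
from collections import defaultdict

# Constructed sample: lines in the same form as the statements and commands in
# this guide (tenant ids are the ones shown above).
SAMPLE = """\
admin_token = Hjkl1234
GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Hjkl1234';
GRANT ALL ON nova.* TO 'nova'@'essex-compute01' IDENTIFIED BY 'nova';
GRANT ALL ON dash.* TO 'dash'@'localhost' IDENTIFIED BY 'dash';
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 734a587e7c4e48a0ab4c28fb9c47682f --name glance --pass glance --enabled true
keystone --token Hjkl1234 --endpoint http://10.193.17.102:35357/v2.0 user-create --tenant_id 6444a344abd14a32aaf3f9ba156ec162 --name admin --pass Hjkl1234 --enabled true
"""

GRANT_RE = re.compile(
    r"GRANT\s+.+?\s+ON\s+\S+\s+TO\s+'([^']+)'@'([^']+)'"
    r"\s+IDENTIFIED\s+BY\s+'([^']*)'", re.IGNORECASE)
USER_CREATE_RE = re.compile(r"user-create\b.*?--name[= ](\S+).*?--pass[= ](\S+)")
TOKEN_RE = re.compile(r"^\s*admin_token\s*=\s*(\S+)", re.MULTILINE)


def collect(text):
    """Return (account, host, secret) tuples; host is None outside MySQL."""
    creds = [("mysql:" + user, host, pw) for user, host, pw in GRANT_RE.findall(text)]
    creds += [("keystone:" + name, None, pw) for name, pw in USER_CREATE_RE.findall(text)]
    creds += [("keystone:admin_token", None, tok) for tok in TOKEN_RE.findall(text)]
    return creds


def audit(text):
    """Return (account, issue) findings for weak credential hygiene."""
    findings = []
    by_secret = defaultdict(set)
    for account, host, secret in collect(text):
        by_secret[secret].add(account)
        if host is not None and "%" in host:
            # with mysqld bound to 0.0.0.0 this account is reachable from anywhere
            findings.append((account, "wildcard host '%s'" % host))
        if secret.lower() == account.split(":", 1)[1].lower():
            findings.append((account, "password equals account name"))
    for accounts in by_secret.values():
        if len(accounts) > 1:
            findings.append((", ".join(sorted(accounts)), "same secret reused"))
    return findings


def scoped_grants(db, user, hosts):
    """One GRANT per named host, same statement form as the guide, random password."""
    password = secrets.token_urlsafe(24)  # URL-safe alphabet, no quote characters
    statements = [
        "GRANT ALL ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';" % (db, user, host, password)
        for host in hosts
    ]
    return password, statements


if __name__ == "__main__":
    for account, issue in audit(SAMPLE):
        print("%-55s %s" % (account, issue))
    _, stmts = scoped_grants("nova", "nova", ["essex-controller", "essex-compute01"])
    print("\n".join(stmts))
```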
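Optional: to enable the swift (storage) and quantum (networking) modules, add the following to /etc/openstack-dashboard/local_settings.py
SWIFT_ENABLED = True
QUANTUM_ENABLED = True  # False is recommended; quantum is a core project of the F release
Sync the database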
/usr/share/openstack-dashboard/manage.py syncdb
Output:
Installing custom SQL ...
Installing indexes ...
DEBUG:django.db.backends:(0.008) CREATE INDEX `django_session_c25c2c28` ON `django_session` (`expire_date`);; args=()
No fixtures found.
If you want to avoid a warning when restarting apache2, create a blackhole directory in the dashboard directory like so:
mkdir -p /var/lib/dash/.blackhole
restart nova-api
Open the ICMP protocol and port 22
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
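Troubleshooting: if nova-volume.log shows Error: volume group nova-volumes doesn't exist
Fix: create an LVM volume group named nova-volumes yourself
Appendix A: Using nova-volume
The Essex Dashboard can manage nova-volume. There are two ways to set this up.
By default nova directly uses the volume group named nova-volumes. This is defined in nova.conf and can be changed.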
1: If the system has no spare partition for LVM, a file can stand in for a disk.
Create a file to use for LVM:
Create the backing file with dd
# dd if=/dev/zero of=/opt/nova-volumes.img bs=1M seek=100000 count=0
Attach it to a loop device
# losetup -f /opt/nova-volumes.img
Check the attachment
# losetup -a
/dev/loop0: [0801]:35127298 (/opt/nova-volumes.img)
Create the volume group for nova-volume
# vgcreate nova-volumes /dev/loop0
No physical volume label read from /dev/loop0
Physical volume "/dev/loop0" successfully created
Volume group "nova-volumes" successfully created
Inspect the volume group
# vgdisplay
The nova-volumes volume group that was just created is now listed.
Create a 5 GB volume named volume1
nova volume-create --display_name "volume1" 5
Once it is created, you can run
nova volume-list
Creation is very slow; attach only after the status shows it has completed.
To delete a created volume, the only way I currently know of is through
euca-describe-volumes
euca-delete-volume vol-00000001
Attach the volume to a virtual machine; 1 is the volume ID
nova volume-attach superfrobnicator 1 /dev/vdb
2: A dedicated disk
# pvcreate /dev/sdb1
# pvdisplay
# vgcreate nova-volumes /dev/sdb1
# vgdisplay
At this point sdb backs the nova-volumes volume group, and it can be managed and used directly from the dashboard.
Adding an additional compute node
1 System requirements
ubuntu 12.04
apt-get update && apt-get upgrade -y
Then edit /etc/hosts
10.193.17.102 essex-controller
10.193.17.101 essex-compute01
Network interface configuration
auto eth0
iface eth0 inet static
address 10.193.17.101
netmask 255.255.248.0
network 10.193.16.0
broadcast 10.193.23.255
gateway 10.193.16.1
auto eth1
iface eth1 inet static
address 10.193.113.101
netmask 255.255.248.0
auto br300
iface br300 inet static
address 0.0.0.0
netmask 255.255.255.0
bridge_stp off
bridge_fd 0
2 apt-get install -y ntp
Use ntpdate to sync the time with the controller
apt-get install bridge-utils
brctl addbr br300
/etc/init.d/networking restart
echo '30 8 * * * root /usr/sbin/ntpdate 10.193.17.102 '>>/etc/crontab
3 Install the node
apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-network
apt-get install python-novnc novnc
Contents of the nova.conf configuration file
# LOGS/STATE
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose=True
# AUTHENTICATION
--auth_strategy=keystone
--keystone_ec2_url=http://10.193.17.102:5000/v2.0/ec2tokens
# SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
# VOLUMES
--volume_group=nova-volumes
--volume_name_template=volume-%08x
--iscsi_helper=tgtadm
--root_helper=sudo nova-rootwrap
# DATABASE
--sql_connection=mysql://nova:[email protected]/nova
# COMPUTE
--libvirt_type=kvm
--connection_type=libvirt
#instance_name_template=instance-%08x
--api_paste_config=/etc/nova/api-paste.ini
--allow_resize_to_same_host=True
# APIS
#--osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
--ec2_host=10.193.17.102
--s3_host=10.193.17.102
# RABBITMQ
--rabbit_host=10.193.17.102
--rabbit_password=openstack
# GLANCE
--image_service=nova.image.glance.GlanceImageService
--glance_api_servers=10.193.17.102:9292
# NETWORK
--dhcpbridge=/usr/bin/nova-dhcpbridge
--dhcpbridge_flagfile=/etc/nova/nova.conf
--network_manager=nova.network.manager.FlatDHCPManager
--force_dhcp_release=True
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
--my_ip=10.193.17.101
--public_interface=eth0
--routing_source_ip=10.193.17.102
#vlan_interface=eth0
--flat_network_bridge=br300
--flat_interface=eth1
--fixed_range=10.0.0.0/24
--floating_range=10.193.17.150/27
--libvirt_use_virtio_for_bridges=True
# NOVNC CONSOLE
#--vnc_enabled=True
--novncproxy_base_url=http://10.193.17.102:6080/vnc_auto.html
--vncserver_proxyclient_address=10.193.17.101
--vncserver_listen=10.193.17.101
After that, restarting rabbitmq-server on the controller is all that is needed
Changing quotas (the example below changes floating_ips)
nova-manage project quota --project=6444a344abd14a32aaf3f9ba156ec162 --key=floating_ips --value=128
Query command
nova-manage project quota --project=6444a344abd14a32aaf3f9ba156ec162
This shows the corresponding values.