
OpenStack Deployment Notes: Controller Node

August 20, 2015

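Preparation

Scripts used in this article
Password table referenced throughout the article; set the actual values to suit your own environment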

Password variable     Value (set your own)                  Purpose
MARIADB_PASS          123456                                MariaDB root password
RABBIT_PASS           123456                                Password of the RabbitMQ message broker user
KEYSTONE_DBPASS       123456                                Password of the Keystone database account
KEYSTONE_ADMIN_PASS   123456                                Password of the Keystone admin account
KEYSTONE_DEMO_PASS    123456                                Password of the Keystone demo account
KEYSTONE_ADMIN_TOKEN  generated with: openssl rand -hex 10  Keystone admin token
GLANCE_PASS           123456                                Glance password in Keystone
GLANCE_DBPASS         123456                                Glance database password
NOVA_PASS             123456                                Nova password in Keystone
NOVA_DBPASS           123456                                Nova database password
NEUTRON_PASS          123456                                Neutron password in Keystone
NEUTRON_DBPASS        123456                                Neutron database password
METADATA_SECRET       123456                                Neutron metadata secret
CINDER_PASS           123456                                Cinder password in Keystone
CINDER_DBPASS         123456                                Cinder database password
SWIFT_PASS            123456                                Swift password in Keystone
SWIFT_DBPASS          123456                                Swift database password
HEAT_PASS             123456                                Heat password in Keystone
HEAT_DBPASS           123456                                Heat database password
CEILOMETER_PASS       123456                                Ceilometer password in Keystone
CEILOMETER_DBPASS     123456                                Ceilometer database password
TROVE_PASS            123456                                Trove password in Keystone
TROVE_DBPASS          123456                                Trove database password
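
The table gives every credential the same sample value. The script below is an added example, not part of the original post: it generates a separate random value for each variable in the table, stores them in a file only the owner can read, and audits such a file for missing, short or reused values. The function names and the output file are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): one random value per variable
# in the password table. Function names and the output path are assumptions.

OPENSTACK_SECRETS="MARIADB_PASS RABBIT_PASS KEYSTONE_DBPASS KEYSTONE_ADMIN_PASS
KEYSTONE_DEMO_PASS KEYSTONE_ADMIN_TOKEN GLANCE_PASS GLANCE_DBPASS NOVA_PASS
NOVA_DBPASS NEUTRON_PASS NEUTRON_DBPASS METADATA_SECRET CINDER_PASS
CINDER_DBPASS SWIFT_PASS SWIFT_DBPASS HEAT_PASS HEAT_DBPASS CEILOMETER_PASS
CEILOMETER_DBPASS TROVE_PASS TROVE_DBPASS"

# Print $1 random bytes as lowercase hex. Hex output contains no characters
# that would need escaping in a "mysql://user:pass@host/db" connection URL.
rand_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$1"
    else
        od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
        echo
    fi
}

# Write NAME=value lines to $1; refuses to overwrite an existing file.
generate_secrets() {
    out=$1
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    (
        umask 077    # the file is created with mode 0600
        for name in $OPENSTACK_SECRETS; do
            printf '%s=%s\n' "$name" "$(rand_hex 16)"
        done > "$out"
    )
}

# Exit status 0 only if every variable is present with a value of at least
# 20 characters and no value is shared between two variables.
audit_secrets() {
    awk -F= -v names="$(echo $OPENSTACK_SECRETS)" '
        BEGIN { n = split(names, list, " ") }
        {
            value[$1] = $2
            if (count[$2]++) { print "reused value: " $1; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (length(value[list[i]]) < 20) {
                    print "missing or weak: " list[i]
                    bad = 1
                }
            exit (bad ? 1 : 0)
        }' "$1"
}

# Usage: generate_secrets /root/openstack-secrets.env
#        audit_secrets    /root/openstack-secrets.env
```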

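Base Deployment

1. Configure IP addresses

After installing the operating system, configure the controller node's network interfaces as laid out in the architecture setup.
Edit /etc/network/interfaces
and write the following content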

vi /etc/network/interfaces
# -----------------------------------------
auto eth0
iface eth0 inet static
        address 10.0.1.10
        netmask 255.255.255.0

auto eth1
iface eth1 inet static
        address 10.0.8.10
        netmask 255.255.255.0
        gateway 10.0.8.254
# -----------------------------------------

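Then restart networking and bring up the interfaces

service networking restart
ifup eth0
ifup eth1

Check that the interface configuration is correct

ifconfig eth0
ifconfig eth1

2. Set up HOSTS

Write the hostnames of the four nodes into /etc/hosts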

rm -rfv /etc/hosts
echo "127.0.0.1       localhost"  >> /etc/hosts
echo "10.0.1.10       controller" >> /etc/hosts
echo "10.0.1.20       compute"    >> /etc/hosts
echo "10.0.1.30       network"    >> /etc/hosts
echo "10.0.1.40       storage"    >> /etc/hosts

3. Set up DNS

This setup uses the 114 public DNS; write the DNS server into /etc/resolv.conf

echo "nameserver 114.114.114.114" >> /etc/resolv.conf

4. Test network connectivity

Ping each of the four nodes and Baidu in turn to check that the external network is reachable

ping -c 2 controller|grep "64 bytes from"
ping -c 2 compute|grep "64 bytes from"
ping -c 2 network|grep "64 bytes from"
ping -c 2 storage|grep "64 bytes from"
ping -c 2 www.baidu.com|grep "64 bytes from"

5. Upgrade the system

Update the package sources and upgrade the system

apt-get update
apt-get upgrade

6. Install NTP time synchronization

apt-get -y install ntp

Delete /var/lib/ntp/ntp.conf.dhcp

rm -rfv /var/lib/ntp/ntp.conf.dhcp

Edit /etc/ntp.conf

# -----------------------------------------
# Change
#server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
# to
server 0.ubuntu.pool.ntp.org iburst
server 1.ubuntu.pool.ntp.org iburst
server 2.ubuntu.pool.ntp.org iburst
server 3.ubuntu.pool.ntp.org iburst

server 127.127.1.0
fudge 127.127.1.0 stratum 8
# -----------------------------------------
# Change
#restrict -4 default kod notrap nomodify nopeer noquery
#restrict -6 default kod notrap nomodify nopeer noquery
# to
restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify
# -----------------------------------------

Restart the ntp service

service ntp restart

7. Configure the OpenStack package source

Install the OpenStack keyring

apt-get -y install ubuntu-cloud-keyring

Add the package source for the OpenStack Kilo release

echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu" "trusty-updates/kilo main">/etc/apt/sources.list.d/cloudarchive-kilo.list

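Because the official OpenStack source was painfully slow, I spent a day syncing the whole amd64 portion of it and set up a local mirror; the detailed process is here
http://blog.l1n3.net/cloud/openstack/openstack-deploy-source/
Update the sources, then upgrade the system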

apt-get -y update
apt-get -y dist-upgrade

8. Install the MariaDB database

apt-get -y install mariadb-server python-mysqldb

Edit /etc/mysql/conf.d/mysqld_openstack.cnf; create it if it does not exist

vi /etc/mysql/conf.d/mysqld_openstack.cnf
# Set the following; add any entry that is missing
# -----------------------------------------
[mysqld]
bind-address = 10.0.1.10
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
# -----------------------------------------

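Start MariaDB

service mysql restart

Configure MariaDB

mysql_secure_installation
# Set the root password; see MARIADB_PASS in the password table
# Remove anonymous users?        Y
# Disallow remote root login?    Y
# Remove the test database?      Y
# Reload the privilege tables?   Y

9. Install the RabbitMQ message queue

apt-get -y install rabbitmq-server

Create a RabbitMQ user named openstack; for the password see RABBIT_PASS in the password table

rabbitmqctl add_user openstack RABBIT_PASS

Grant the new openstack user read and write permissions (the three ".*" patterns are the configure, write and read permissions)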

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

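List the RabbitMQ users

rabbitmqctl list_users

At this point all base services have been deployed

Identity Service Keystone

1. Create the Keystone database account

KEYSTONE_DBPASS can be looked up in the password table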

mysql -uroot -pMARIADB_PASS -e "CREATE DATABASE keystone;"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';"

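2. Keep keystone from conflicting with Apache's ports

Write manual into /etc/init/keystone.override so that the standalone keystone service does not start automatically

echo "manual" > /etc/init/keystone.override

3. Install keystone

apt-get -y install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache

4. Generate the Admin_Token

This generates a 10-byte random key, printed in hexadecimal, which is the KEYSTONE_ADMIN_TOKEN in the password table

openssl rand -hex 10

5. Set up the Keystone configuration file

First back up the configuration file, then keep a copy with comments and blank lines removed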

mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
cat /etc/keystone/keystone.conf.bak|grep -v "^#"|grep -v "^$">/etc/keystone/keystone.conf

Then edit the configuration file and set it as follows

vi /etc/keystone/keystone.conf
# -----------------------------------------
[DEFAULT]
# Keystone admin token
admin_token = KEYSTONE_ADMIN_TOKEN
# Verbose log output
verbose = True
# -----------------------------------------
[database]
# Comment out the previous database connection
#connection = sqlite:////var/lib/keystone/keystone.db
# Database connection
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
# -----------------------------------------
[memcache]
# memcached server
servers = localhost:11211
# -----------------------------------------
[token]
# UUID token provider
provider = keystone.token.providers.uuid.Provider
# memcached persistence driver
driver = keystone.token.persistence.backends.memcache.Token
# -----------------------------------------
[revoke]
# SQL revocation driver
driver = keystone.contrib.revoke.backends.sql.Revoke
# -----------------------------------------

6. Sync the database

su -s /bin/sh -c "keystone-manage db_sync" keystone


7. Configure the Apache HTTP Server

Edit /etc/apache2/apache2.conf

vi /etc/apache2/apache2.conf
# Add as the first line
# -----------------------------------------
ServerName controller
# -----------------------------------------

Create wsgi-keystone.conf with the following content

vi /etc/apache2/sites-available/wsgi-keystone.conf
# -----------------------------------------
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>
# -----------------------------------------

Enable the Identity service virtual hosts

a2ensite wsgi-keystone.conf

Create the directory for the Identity service WSGI scripts

mkdir -p /var/www/cgi-bin/keystone

Download the WSGI script

curl "http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo" | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

Set ownership and permissions

chown -R keystone:keystone /var/www/cgi-bin/keystone
chmod 755 /var/www/cgi-bin/keystone/*

Restart the HTTP service

service apache2 restart

Delete the SQLite database that Keystone creates by default

rm -rfv /var/lib/keystone/keystone.db
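
The download step above pipes a file fetched over plain HTTP straight into the scripts that Apache runs as the keystone user, so a truncated or altered response is installed unchecked. The functions below are an added example, not part of the original post: they install a downloaded file only when its SHA-256 digest matches a pinned value. The function names are assumptions, and EXPECTED_SHA256 is a placeholder for a digest taken from a trusted copy of the stable/kilo tree.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are assumptions;
# EXPECTED_SHA256 is a placeholder for a digest obtained from a trusted copy.

# Print the SHA-256 digest of file $1 as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# install_verified FILE EXPECTED_SHA256 DEST...
# Copies FILE to each DEST only when its digest matches. Every copy is written
# under a temporary name and renamed, so Apache never loads a partial file.
install_verified() {
    src=$1
    expected=$2
    shift 2
    if [ ! -s "$src" ]; then
        echo "empty or missing download: $src" >&2
        return 1
    fi
    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch: expected $expected, got $actual" >&2
        return 1
    fi
    for dest in "$@"; do
        tmp="$dest.new.$$"
        if ! cp "$src" "$tmp" || ! mv "$tmp" "$dest"; then
            rm -f "$tmp"
            return 1
        fi
    done
}

# Usage on the controller (commented out so the block runs offline):
#   tmp=$(mktemp)
#   curl -fsS -o "$tmp" "http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo"
#   install_verified "$tmp" "EXPECTED_SHA256" \
#       /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
```

With curl -f an HTTP error ends the download with a non-zero status instead of saving the error page as the script; the chown and chmod steps from the procedure still follow the install.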

8. Set temporary environment variables

OS_TOKEN here is the KEYSTONE_ADMIN_TOKEN

export OS_TOKEN=KEYSTONE_ADMIN_TOKEN
export OS_URL=http://controller:35357/v2.0

9. Create the service entity for the Identity service

openstack service create --name keystone --description "OpenStack Identity" identity

10. Configure the Identity service API endpoint

openstack endpoint create \
--publicurl http://controller:5000/v2.0 \
--internalurl http://controller:5000/v2.0 \
--adminurl http://controller:35357/v2.0 \
--region RegionOne \
identity

11. Create projects, users and roles

Create the admin user

# Create the admin project
openstack project create --description "Admin Project" admin
# Create the admin user; a password is requested here, use KEYSTONE_ADMIN_PASS from the password table
openstack user create --password-prompt admin
# Create the admin role
openstack role create admin
# Grant the admin role to the admin user on the admin project
openstack role add --project admin --user admin admin
# Create the service project used by the other OpenStack services
openstack project create --description "Service Project" service

Create the demo user

# Create the demo project
openstack project create --description "Demo Project" demo
# Create the demo user; a password is requested here as well, use KEYSTONE_DEMO_PASS from the password table
openstack user create --password-prompt demo
# Create the user role
openstack role create user
# Grant the user role to the demo user on the demo project
openstack role add --project demo --user demo user

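12. Configure the Identity service paste configuration file

Back up the paste configuration file

cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak

Unset the temporary environment variables

unset OS_TOKEN OS_URL

Edit /etc/keystone/keystone-paste.ini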

vi /etc/keystone/keystone-paste.ini
# -----------------------------------------
[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service

[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension endpoint_policy_extension service_v3
# -----------------------------------------
change to
# -----------------------------------------
[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension crud_extension admin_service

[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension endpoint_policy_extension service_v3
# -----------------------------------------

In detail:
locate the following configuration sections and delete admin_token_auth from each
[pipeline:public_api]
admin_token_auth

[pipeline:admin_api]
admin_token_auth

[pipeline:api_v3]
admin_token_auth
All in one command

sed -i "s/token_auth admin_token_auth/token_auth/g" /etc/keystone/keystone-paste.ini
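
The sed expression only matches when admin_token_auth comes directly after token_auth, so a pipeline with a different filter order keeps the admin token filter without any error. The functions below are an added example, not part of the original post: one lists every pipeline section that still contains admin_token_auth, the other removes the filter by name wherever it sits. The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are assumptions.

# Print the name of every [pipeline:*] section whose pipeline still lists
# admin_token_auth, wherever in the pipeline it appears.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = $0; gsub(/^\[|\].*$/, "", section); next }
        section ~ /^pipeline:/ && /^pipeline[ \t]*=/ {
            line = $0
            sub(/^pipeline[ \t]*=/, "", line)
            n = split(line, item, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (item[i] == "admin_token_auth") { print section; break }
        }' "$1"
}

# Remove admin_token_auth from every pipeline by matching the filter name
# itself rather than the text next to it. The file is rewritten in place
# with cat, so its owner and mode stay unchanged.
remove_admin_token_auth() {
    ini=$1
    tmp=$(mktemp) || return 1
    awk '
        /^\[/ { in_pipeline = ($0 ~ /^\[pipeline:/) }
        in_pipeline && /^pipeline[ \t]*=/ {
            line = $0
            sub(/^pipeline[ \t]*=[ \t]*/, "", line)
            n = split(line, item, /[ \t]+/)
            out = "pipeline ="
            for (i = 1; i <= n; i++)
                if (item[i] != "" && item[i] != "admin_token_auth")
                    out = out " " item[i]
            print out
            next
        }
        { print }' "$ini" > "$tmp" && cat "$tmp" > "$ini"
    status=$?
    rm -f "$tmp"
    return $status
}

# Constructed sample: public_api uses the order shown on this page; admin_api
# has a different (made-up) order that the sed expression does not match.
write_sample_paste_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[pipeline:public_api]
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
pipeline = sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension crud_extension admin_service
EOF
}

# Usage: pipelines_with_admin_token /etc/keystone/keystone-paste.ini
# No output means no pipeline accepts the admin token any more.
```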

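13. Create the client environment scripts

Create the admin user script
Create a new text file named admin-openrc.sh
Enter the following content, replacing KEYSTONE_ADMIN_PASS with the real value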

vi ~/admin-openrc.sh
# -----------------------------------------
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=KEYSTONE_ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3

Create the demo user script
Create a new text file named demo-openrc.sh
Enter the following content, replacing KEYSTONE_DEMO_PASS with the real value

vi ~/demo-openrc.sh
# -----------------------------------------
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=KEYSTONE_DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3

14. Verify

Load the admin user's script, then verify

source ~/admin-openrc.sh
openstack token issue

At this point Keystone is installed

Image Service Glance

1. Create the Glance database account

mysql -uroot -pMARIADB_PASS -e "CREATE DATABASE glance;"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';"

2. Create the Glance credentials in Keystone

# Create the glance user; enter Glance's Keystone password here, GLANCE_PASS in the password table
openstack user create --password-prompt glance
# Add the admin role to the glance user in the service project
openstack role add --project service --user glance admin
# Create the Glance service entity
openstack service create --name glance --description "OpenStack Image service" image
# Create the Glance API endpoint
openstack endpoint create \
--publicurl http://controller:9292 \
--internalurl http://controller:9292 \
--adminurl http://controller:9292 \
--region RegionOne \
image

3. Install the Glance service

apt-get -y install glance python-glanceclient

4. Configure Glance

First back up the Glance configuration files and strip the comments and blank lines from them

mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
cat /etc/glance/glance-api.conf.bak|grep -v "^#"|grep -v "^$">/etc/glance/glance-api.conf
mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
cat /etc/glance/glance-registry.conf.bak|grep -v "^#"|grep -v "^$">/etc/glance/glance-registry.conf

Set /etc/glance/glance-api.conf as follows

vi /etc/glance/glance-api.conf
# -----------------------------------------
[DEFAULT]
# Use the noop notification driver to turn notifications off
notification_driver = noop
# Verbose log output
verbose = True
# -----------------------------------------
[database]
# Comment out the previous connection setting
#sqlite_db = /var/lib/glance/glance.sqlite
# Database connection
connection = mysql://glance:GLANCE_DBPASS@controller/glance
# -----------------------------------------
[keystone_authtoken]
# Comment out all of the previous settings
#identity_uri = http://127.0.0.1:35357
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
#revocation_cache_time = 10

# Authenticate through ports 5000 and 35357
auth_uri = http://controller:5000
auth_url = http://controller:35357
# Authentication method: password
auth_plugin = password
# Project and user domain: default
project_domain_id = default
user_domain_id = default
# Project name: service
project_name = service
# User name: glance
username = glance
# Password: GLANCE_PASS from the password table
password = GLANCE_PASS
# -----------------------------------------
[paste_deploy]
# Use keystone for authentication
flavor = keystone
# -----------------------------------------
[glance_store]
# Store images as files (file)
default_store = file
# Image storage path
filesystem_store_datadir = /var/lib/glance/images/
# -----------------------------------------

Configure /etc/glance/glance-registry.conf as follows

vi /etc/glance/glance-registry.conf
# -----------------------------------------
[DEFAULT]
# Use the noop notification driver to turn notifications off
notification_driver = noop
# Verbose log output
verbose = True
# -----------------------------------------
[database]
# Comment out the previous connection setting
#sqlite_db = /var/lib/glance/glance.sqlite
# Database connection
connection = mysql://glance:GLANCE_DBPASS@controller/glance
# -----------------------------------------
[keystone_authtoken]
# Comment out all of the previous settings
#identity_uri = http://127.0.0.1:35357
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
#revocation_cache_time = 10

# Authenticate through ports 5000 and 35357
auth_uri = http://controller:5000
auth_url = http://controller:35357
# Authentication method: password
auth_plugin = password
# Project and user domain: default
project_domain_id = default
user_domain_id = default
# Project name: service
project_name = service
# User name: glance
username = glance
# Password: GLANCE_PASS from the password table
password = GLANCE_PASS
# -----------------------------------------
[paste_deploy]
# Use keystone for authentication
flavor = keystone
# -----------------------------------------

5. Populate the database

su -s /bin/sh -c "glance-manage db_sync" glance

6. Start the Glance services

service glance-registry restart
service glance-api restart

7. Delete Glance's SQLite database

rm -f /var/lib/glance/glance.sqlite

8. Set the Glance Image API version to 2

echo "export OS_IMAGE_API_VERSION=2" | tee -a ~/admin-openrc.sh ~/demo-openrc.sh
source ~/admin-openrc.sh

9. Import an image

The image is cirros-0.3.4, downloaded from the Internet; it is an image made specifically for testing OpenStack. The download address is
http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

mkdir /tmp/images
wget -P /tmp/images http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

Create the image

glance image-create \
--name "cirros-0.3.4-x86_64" \
--file /tmp/images/cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 \
--container-format bare \
--visibility public \
--progress

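10. Verify the Glance service

glance image-list

At this point the Glance service is installed

Compute Service Nova

1. Create the Nova database account

MARIADB_PASS and NOVA_DBPASS can be looked up in the password table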

mysql -uroot -pMARIADB_PASS -e "CREATE DATABASE nova;"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';"

2. Create the Nova user in Keystone

# Load the admin user's client script
source ~/admin-openrc.sh
# Create the nova user; enter nova's password here, the value of NOVA_PASS in the password table
openstack user create --password-prompt nova
# Add the admin role to the nova user
openstack role add --project service --user nova admin
# Create the Nova service entity
openstack service create --name nova --description "OpenStack Compute" compute
# Create the Nova API endpoint
openstack endpoint create \
--publicurl http://controller:8774/v2/%\(tenant_id\)s \
--internalurl http://controller:8774/v2/%\(tenant_id\)s \
--adminurl http://controller:8774/v2/%\(tenant_id\)s \
--region RegionOne \
compute

3. Install Nova

apt-get -y install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient

4. Configure Nova

First back up nova's configuration and strip the comments and blank lines from it

mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
cat /etc/nova/nova.conf.bak|grep -v "^#"|grep -v "^$">/etc/nova/nova.conf

Edit /etc/nova/nova.conf

vi /etc/nova/nova.conf
# -----------------------------------------
[DEFAULT]
# Verbose log output
verbose = True
# Use RabbitMQ as the message queue
rpc_backend = rabbit
# Use keystone for authentication
auth_strategy = keystone
# IP address of the controller node, 10.0.1.10 here
my_ip = 10.0.1.10
# IP address used by the VNC proxy, 10.0.1.10 here
vncserver_listen = 10.0.1.10
vncserver_proxyclient_address = 10.0.1.10
# -----------------------------------------
[database]
# Database connection
connection = mysql://nova:NOVA_DBPASS@controller/nova
# -----------------------------------------
[keystone_authtoken]
# Authenticate through ports 5000 and 35357
auth_uri = http://controller:5000
auth_url = http://controller:35357
# Authentication method: password
auth_plugin = password
# Project and user domain: default
project_domain_id = default
user_domain_id = default
# Project name: service
project_name = service
# User name: nova
username = nova
# Password: NOVA_PASS from the password table
password = NOVA_PASS
# -----------------------------------------
[glance]
# Location of the image service
host = controller
# -----------------------------------------
[oslo_messaging_rabbit]
# RabbitMQ host
rabbit_host = controller
# RabbitMQ account
rabbit_userid = openstack
# RabbitMQ password; see RABBIT_PASS in the password table
rabbit_password = RABBIT_PASS
# -----------------------------------------
[oslo_concurrency]
# Path for nova's lock files
lock_path = /var/lock/nova
# -----------------------------------------

5. Populate the database

su -s /bin/sh -c "nova-manage db sync" nova

6. Start the Nova services

service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart

7. Delete Nova's SQLite database

rm -f /var/lib/nova/nova.sqlite

Next, install nova on the compute node; the compute node deployment is described at
http://blog.l1n3.net/cloud/openstack/openstack-deploy-compute/

8. Verify the Nova service

Verification requires the Nova installation on the compute node to be finished

source ~/admin-openrc.sh
nova service-list
nova endpoints
nova image-list

At this point Nova is installed

Networking Service Neutron

1. Create the database

mysql -uroot -pMARIADB_PASS -e "CREATE DATABASE neutron;"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';"

2. Create the Neutron user in Keystone

# Load the admin user's client script
source ~/admin-openrc.sh
# Create the neutron user; enter Neutron's Keystone password here, NEUTRON_PASS in the password table
openstack user create --password-prompt neutron
# Add the admin role to the neutron user
openstack role add --project service --user neutron admin
# Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network
# Create the neutron API endpoint
openstack endpoint create \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696 \
--region RegionOne \
network

3. Install Neutron

apt-get -y install neutron-server neutron-plugin-ml2 python-neutronclient

4. Configure Neutron

Back up the neutron-related configuration files and strip the comments and blank lines from them; three files in total

mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
cat /etc/neutron/neutron.conf.bak |grep -v "^#"|grep -v "^$">/etc/neutron/neutron.conf
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
cat /etc/neutron/plugins/ml2/ml2_conf.ini.bak|grep -v "^#"|grep -v "^$">/etc/neutron/plugins/ml2/ml2_conf.ini
mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
cat /etc/nova/nova.conf.bak|grep -v "^#"|grep -v "^$">/etc/nova/nova.conf

Configure neutron: edit /etc/neutron/neutron.conf

vi /etc/neutron/neutron.conf
# -----------------------------------------
[DEFAULT]
# Verbose log output
verbose = True
# Use RabbitMQ as the message queue
rpc_backend = rabbit
# Core plug-in: ml2
core_plugin = ml2
# Enable the router service
service_plugins = router
# Allow overlapping IP addresses
allow_overlapping_ips = True
# Notify nova of network topology changes
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
# Use keystone for authentication
auth_strategy = keystone
# -----------------------------------------
[keystone_authtoken]
# Comment out the previous settings
#auth_uri = http://127.0.0.1:35357/v2.0/
#identity_uri = http://127.0.0.1:5000
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%

# Authenticate through ports 5000 and 35357
auth_uri = http://controller:5000
auth_url = http://controller:35357
# Authentication method: password
auth_plugin = password
# Project and user domain: default
project_domain_id = default
user_domain_id = default
# Project name: service
project_name = service
# User name: neutron
username = neutron
# Password: NEUTRON_PASS
password = NEUTRON_PASS
# -----------------------------------------
[database]
# Comment out the previous connection setting
#connection = sqlite:////var/lib/neutron/neutron.sqlite

# Database connection; the password is NEUTRON_DBPASS in the password table
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
# -----------------------------------------
[nova]
# Authenticate through port 35357
auth_url = http://controller:35357
# Authentication method: password
auth_plugin = password
# Project and user domain: default
project_domain_id = default
user_domain_id = default
# Region name: RegionOne
region_name = RegionOne
# Project name: service
project_name = service
# User name: nova
username = nova
# Password: NOVA_PASS
password = NOVA_PASS
# -----------------------------------------
[oslo_messaging_rabbit]
# RabbitMQ host
rabbit_host = controller
# RabbitMQ account
rabbit_userid = openstack
# RabbitMQ password; see RABBIT_PASS in the password table
rabbit_password = RABBIT_PASS
# -----------------------------------------

Configure the ML2 plug-in: edit /etc/neutron/plugins/ml2/ml2_conf.ini

vi /etc/neutron/plugins/ml2/ml2_conf.ini
# -----------------------------------------
[ml2]
# Enabled network type drivers
type_drivers = flat,vlan,gre,vxlan
# Network type used for tenant networks
tenant_network_types = gre
# Use the OVS mechanism driver
mechanism_drivers = openvswitch
# -----------------------------------------
[ml2_type_gre]
# Tunnel ID range
tunnel_id_ranges = 1:1000
# -----------------------------------------
[securitygroup]
# Enable security groups
enable_security_group = True
# Enable ipset
enable_ipset = True
# Firewall driver: OVS hybrid iptables
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# -----------------------------------------

Configure nova to use neutron networking: edit /etc/nova/nova.conf

vi /etc/nova/nova.conf
# -----------------------------------------
[DEFAULT]
# Use the neutron APIs
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
# Network interface driver
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# Firewall driver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# -----------------------------------------
# The file has no [neutron] section to begin with; just add it
[neutron]
# Neutron API endpoint (port 9696)
url = http://controller:9696
# Use keystone for authentication
auth_strategy = keystone
# Authentication URL
admin_auth_url = http://controller:35357/v2.0
# Tenant used for authentication
admin_tenant_name = service
# User name
admin_username = neutron
# Password: NEUTRON_PASS from the password table
admin_password = NEUTRON_PASS
# -----------------------------------------

5. Populate the database

su -s /bin/sh -c "neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
upgrade head" neutron

6. Start the services

service nova-api restart
service neutron-server restart

7. Verify the networking service on the controller node

source ~/admin-openrc.sh
neutron ext-list

8. Configure Metadata

Edit /etc/nova/nova.conf

vi /etc/nova/nova.conf
# -----------------------------------------
[neutron]
# Enable the metadata proxy
service_metadata_proxy = True
# Metadata shared secret; see METADATA_SECRET in the password table
metadata_proxy_shared_secret = METADATA_SECRET
# -----------------------------------------

Restart nova

service nova-api restart

Now you can go on to install the services on the network node
http://blog.l1n3.net/cloud/openstack/openstack-deploy-network/

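9. Verify the network node installation

The network node installation must be completely finished first!!!

# Load the keystone admin credentials
source ~/admin-openrc.sh
# List the neutron agents
neutron agent-list

Next, the neutron service can be installed on the compute node
http://blog.l1n3.net/cloud/openstack/openstack-deploy-compute/

10. Verify the compute node installation

The compute node installation must be completely finished first!!!

# Load the keystone admin credentials
source ~/admin-openrc.sh
# List the neutron agents
neutron agent-list

11. Create networks

Both of the previous verifications must pass
First create the external network

# Load the admin credentials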
source ~/admin-openrc.sh
neutron net-create ext-net \
--router:external \
--provider:physical_network external \
--provider:network_type \
flat

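Create a subnet on the external network; this can also be done in the Dashboard

# The address pool here is the external network's address pool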
neutron subnet-create ext-net 192.168.100.0/24 \
--name ext-subnet \
--allocation-pool start=192.168.100.200,end=192.168.100.220 \
--disable-dhcp \
--gateway 192.168.100.2

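Create the tenant network
Load the demo credentials

source ~/demo-openrc.sh

Create the network for the tenant

neutron net-create demo-net
# Create a subnet on demo-net
neutron subnet-create demo-net 192.168.1.0/24 \
--name demo-subnet \
--gateway 192.168.1.1
# Create the tenant router
neutron router-create demo-router
# Attach the router to the demo tenant's subnet
neutron router-interface-add demo-router demo-subnet
# Set the router's gateway to the external network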
neutron router-gateway-set demo-router ext-net

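At this point all networking components are installed

Dashboard Service Horizon

1. Install the Dashboard

apt-get -y install openstack-dashboard

2. Configure the Dashboard

Back up the configuration and strip the comments and blank lines from it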

mv /etc/openstack-dashboard/local_settings.py /etc/openstack-dashboard/local_settings.py.bak
cat /etc/openstack-dashboard/local_settings.py.bak|grep -v "^#"|grep -v "^$">/etc/openstack-dashboard/local_settings.py

Edit /etc/openstack-dashboard/local_settings.py

vi /etc/openstack-dashboard/local_settings.py
# -----------------------------------------
OPENSTACK_HOST = "controller"
# -----------------------------------------
ALLOWED_HOSTS = '*'
# -----------------------------------------
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
#CACHES = {
#    'default': {
#        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
#    }
#}
# -----------------------------------------
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# -----------------------------------------

3. Reload Apache

service apache2 reload

4. Open the Dashboard in a browser

http://controller/horizon


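At this point the Dashboard is fully installed, and all the essential OpenStack components are installed as well

Cinder Deployment

1. Create the database

CINDER_DBPASS can be looked up in the password table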

mysql -uroot -pMARIADB_PASS -e "CREATE DATABASE cinder;"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';"
mysql -uroot -pMARIADB_PASS -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';"

2. Create the Cinder user in Keystone

# Load the admin user's client script
source ~/admin-openrc.sh
# Create the cinder user; enter Cinder's Keystone password here, CINDER_PASS in the password table
openstack user create --password-prompt cinder
# Add the admin role to the cinder user
openstack role add --project service --user cinder admin
# Create the cinder service entities
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
# Create the cinder API endpoints
openstack endpoint create \
--publicurl http://controller:8776/v2/%\(tenant_id\)s \
--internalurl http://controller:8776/v2/%\(tenant_id\)s \
--adminurl http://controller:8776/v2/%\(tenant_id\)s \
--region RegionOne \
volume
openstack endpoint create \
--publicurl http://controller:8776/v2/%\(tenant_id\)s \
--internalurl http://controller:8776/v2/%\(tenant_id\)s \
--adminurl http://controller:8776/v2/%\(tenant_id\)s \
--region RegionOne \
volumev2

3. Install the Cinder service

apt-get -y install cinder-api cinder-scheduler python-cinderclient

4. Configure Cinder

First back up the configuration

mv /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
cat /etc/cinder/cinder.conf.bak|grep -v "^#"|grep -v "^$">/etc/cinder/cinder.conf

Then change the configuration as follows

vi /etc/cinder/cinder.conf
# -----------------------------------------
[DEFAULT]
# Use RabbitMQ as the message queue
rpc_backend = rabbit
# Use keystone for authentication
auth_strategy = keystone
# IP address of the controller node, 10.0.1.10 here
my_ip = 10.0.1.10
# Verbose log output
verbose = True
# -----------------------------------------
[database]
# Comment out the previous connection setting
#sqlite_db = /var/lib/cinder/cinder.sqlite
# Database connection; the password is CINDER_DBPASS in the password table
connection = mysql://cinder:CINDER_DBPASS@controller/cinder
# -----------------------------------------
[keystone_authtoken]
# Comment out all of the previous settings
#identity_uri = http://127.0.0.1:35357
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
#revocation_cache_time = 10

# Authenticate through ports 5000 and 35357
auth_uri = http://controller:5000
auth_url = http://controller:35357
# Authentication method: password
auth_plugin = password
# Project and user domain: default
project_domain_id = default
user_domain_id = default
# Project name: service
project_name = service
# User name: cinder
username = cinder
# Password: CINDER_PASS from the password table
password = CINDER_PASS
# -----------------------------------------
[oslo_messaging_rabbit]
# RabbitMQ host
rabbit_host = controller
# RabbitMQ account
rabbit_userid = openstack
# RabbitMQ password; see RABBIT_PASS in the password table
rabbit_password = RABBIT_PASS
# -----------------------------------------
[oslo_concurrency]
# Path for cinder's lock files
lock_path = /var/lock/cinder
# -----------------------------------------

5. Populate the database

su -s /bin/sh -c "cinder-manage db sync" cinder

6. Start the services

service cinder-scheduler restart
service cinder-api restart

7. Delete Cinder's SQLite database

rm -f /var/lib/cinder/cinder.sqlite

Then start deploying the block storage node
http://blog.l1n3.net/cloud/openstack/openstack-deploy-storage/

8. Verify the installation

First add the cinder setting to the user scripts

echo "export OS_VOLUME_API_VERSION=2" | tee -a ~/admin-openrc.sh ~/demo-openrc.sh

Then verify

source ~/admin-openrc.sh
cinder service-list

Swift Deployment

Other notes

If you repost this article, please credit the source
From LinE's Blog
From: http://blog.l1n3.net
Thanks~~
