OpenStack: Manual OpenStack Installation (Distributed)
#OpenStack Manual Installation Guide (Icehouse)
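##Deployment Architecture
To better show how OpenStack components are deployed in a distributed fashion, and how the logical networks differ in configuration, this lab does not use the All in One deployment mode. Instead, the components are deployed separately across multiple nodes, which makes later study and research easier.
##Network Topology
##Environment Preparation
This lab uses VirtualBox for Windows as the virtualization platform to simulate the physical networks and physical servers. To deploy to a real physical environment, replace this step with the equivalent configuration on physical machines; the principle is the same.
###Virtual Networks
Create three virtual networks, Net0, Net1 and Net2. The operating system is CentOS. Their configuration in VirtualBox is as follows.
```
Net0:
    Network name: VirtualBox host-only Ethernet Adapter#2
    Purpose: administrator / management network
    IP block: 10.20.0.0/24
    DHCP: disable
    Linux device: eth0
Net1:
    Network name: VirtualBox host-only Ethernet Adapter#3
    Purpose: public network
    DHCP: disable
    IP block: 172.16.0.0/24
    Linux device: eth1
Net2:
    Network name: VirtualBox host-only Ethernet Adapter#4
    Purpose: Storage/private network
    DHCP: disable
    IP block: 192.168.4.0/24
    Linux device: eth2
```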
###Virtual Machines
Create three virtual machines, VM0, VM1 and VM2, configured as follows.
```
VM0:
    Name: controller0
    vCPU: 1
    Memory: 1G
    Disk: 30G
    Networks: net1
VM1:
    Name: network0
    vCPU: 1
    Memory: 1G
    Disk: 30G
    Network: net1,net2,net3
VM2:
    Name: compute0
    vCPU: 2
    Memory: 2G
    Disk: 30G
    Networks: net1,net3
```
###Network Settings
```
controller0
    eth0: 10.20.0.10 (management network)
    eth1: (disabled)
    eth2: (disabled)
network0
    eth0: 10.20.0.20 (management network)
    eth1: 172.16.0.20 (public/external network)
    eth2: 192.168.4.20 (private network)
compute0
    eth0: 10.20.0.30 (management network)
    eth1: (disabled)
    eth2: 192.168.4.30 (private network)
compute1 (optional)
    eth0: 10.20.0.31 (management network)
    eth1: (disabled)
    eth2: 192.168.4.31 (private network)
```
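###Operating System Preparation
This lab uses the Linux distribution CentOS 6.5 x86_64. During OS installation, select the "Basic" package set as the initial installation. After the system is installed, the following YUM repositories must also be configured.
Run the commands below to configure them automatically. Once the repositories are installed, update all RPM packages; because the kernel is upgraded, the operating system must be rebooted.
```
yum install -y http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm
yum install -y http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update -y
reboot -h 0
```
Now installation and configuration can begin!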
###Common Configuration (all nodes)
Run the following commands on every node.
Edit the hosts file
```
vi /etc/hosts
127.0.0.1 localhost
::1 localhost
10.20.0.10 controller0
10.20.0.20 network0
10.20.0.30 compute0
```
Disable SELinux
```
vi /etc/selinux/config
SELINUX=disabled
```
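Install the NTP service
```
yum install ntp -y
service ntpd start
chkconfig ntpd on
```
Edit the NTP configuration file so that time is synchronized from controller0 (on every node except controller0).
```
vi /etc/ntp.conf
server 10.20.0.10
fudge 10.20.0.10 stratum 10 # LCL is unsynchronized
```
Synchronize immediately and check that the time synchronization configuration is correct (on every node except controller0).
```
ntpdate -u 10.20.0.10
service ntpd restart
ntpq -p
```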
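Flush the firewall rules
```
vi /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
```
Restart the firewall and check that the change took effect
```
service iptables restart
iptables -L
```
Install openstack-utils so that configuration files can later be modified directly from the command line
```
yum install -y openstack-utils
```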
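###Basic Services Installation and Configuration (controller0 node)
The basic services are the NTP service, the MySQL database service and the AMQP service. This example uses MySQL and Qpid to implement the latter two.
Edit the NTP configuration file to synchronize time from 127.127.1.0.
```
vi /etc/ntp.conf
server 127.127.1.0
```
Restart the ntp service
```
service ntpd restart
```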
Install the MySQL service
```
yum install -y mysql mysql-server MySQL-python
```
Edit the MySQL configuration
```
vi /etc/my.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
```
Start the MySQL service
```
service mysqld start
chkconfig mysqld on
```
Configure the MySQL root password interactively, setting it to "openstack"
```
mysql_secure_installation
```
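Install the Qpid message service and configure it so that clients can use the service without authentication
```
yum install -y qpid-cpp-server
vi /etc/qpidd.conf
auth=no
```
After changing the configuration, restart the Qpid daemon
```
service qpidd start
chkconfig qpidd on
```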
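The common and basic-service steps above leave four lab-only settings in place: SELinux disabled, an empty iptables ruleset, MySQL bound to 0.0.0.0, and Qpid with auth=no. The script below is an added example, not part of the original guide; it reports which of them are present under a given root directory. The names `audit_lab_settings` and `make_sample_root` and the scratch directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report which lab-only settings from this guide are present
# under ROOT (pass / on a real node). Prints one line per finding and
# returns 0 only when none is found.
audit_lab_settings() {
    root=${1%/}
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # SELinux switched off in /etc/selinux/config
    if grep -Eqs '^[[:space:]]*SELINUX=disabled' "$root/etc/selinux/config"; then
        report "SELinux is disabled"
    fi
    # Qpid broker accepts unauthenticated clients
    if grep -Eqs '^[[:space:]]*auth[[:space:]]*=[[:space:]]*no([[:space:]]|$)' "$root/etc/qpidd.conf"; then
        report "qpidd runs with auth=no"
    fi
    # MySQL listens on every interface, not only the management network
    if grep -Eqs '^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*0\.0\.0\.0' "$root/etc/my.cnf"; then
        report "mysqld is bound to 0.0.0.0"
    fi
    # iptables: INPUT policy ACCEPT and not a single -A rule
    ipt="$root/etc/sysconfig/iptables"
    if grep -qs -e '^:INPUT ACCEPT' "$ipt" && ! grep -qs -e '^-A ' "$ipt"; then
        report "iptables accepts all input"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the files as this guide writes them, under a scratch root.
make_sample_root() {
    mkdir -p "$1/etc/selinux" "$1/etc/sysconfig"
    printf 'SELINUX=disabled\n' > "$1/etc/selinux/config"
    printf 'auth=no\n' > "$1/etc/qpidd.conf"
    printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$1/etc/my.cnf"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT' > "$1/etc/sysconfig/iptables"
}

sample=$(mktemp -d)
make_sample_root "$sample"
audit_lab_settings "$sample" || echo "lab-only settings still present"
rm -rf "$sample"
```

Run `audit_lab_settings /` on a node to check the live files.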
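##Controller Node Installation (controller0)
Set the hostname
```
vi /etc/sysconfig/network
HOSTNAME=controller0
```
Configure the network interface
```
vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=10.20.0.10
NETMASK=255.255.255.0
```
After editing the network configuration file, restart the network service
```
service network restart
```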
###Keystone Installation and Configuration
Install the keystone packages
```
yum install openstack-keystone python-keystoneclient -y
```
Set the token for the keystone admin account
```
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
```
Configure the database connection
```
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:[email protected]/keystone
openstack-config --set /etc/keystone/keystone.conf DEFAULT debug True
openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose True
```
Configure Keystone to use PKI tokens
```
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
```
Create the database for Keystone
```
mysql -uroot -popenstack -e "CREATE DATABASE keystone;"
mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstack';"
mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller0' IDENTIFIED BY 'openstack';"
mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstack';"
```
Initialize the Keystone database
```
su -s /bin/sh -c "keystone-manage db_sync" keystone
```
Alternatively, initialize the database directly with the openstack-db tool
```
openstack-db --init --service keystone --password openstack
```
Start the keystone service
```
service openstack-keystone start
chkconfig openstack-keystone on
```
Set the authentication information
```
export OS_SERVICE_TOKEN=`echo $ADMIN_TOKEN`
export OS_SERVICE_ENDPOINT=http://controller0:35357/v2.0
```
Create the tenants used by the administrator and the system services
```
keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
```
Create the admin user
```
keystone user-create --name=admin --pass=admin [email protected]
```
Create the admin role
```
keystone role-create --name=admin
```
Assign the "admin" role to the admin user
```
keystone user-role-add --user=admin --tenant=admin --role=admin
```
Create the service that the keystone endpoints will belong to
```
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
```
Associate the keystone service with an endpoint
```
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller0:5000/v2.0 \
--internalurl=http://controller0:5000/v2.0 \
--adminurl=http://controller0:35357/v2.0
```
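The `awk '/ identity / {print $2}'` lookup used for `--service-id` prints one id for every row that contains the word, so running `service-create` twice hands `endpoint-create` two ids. The function below is an added example, not part of the original guide: it matches the type column exactly and fails unless exactly one service has that type. `service_id_by_type`, `sample_service_list` and the ids in the sample table are constructed for the illustration.

```shell
#!/bin/sh
# Added example: print the id of the one service whose "type" column equals $1.
# Reads `keystone service-list` table output on stdin; fails unless exactly
# one row matches, so a duplicate left by re-running service-create is caught.
service_id_by_type() {
    awk -F'|' -v want="$1" '
        NF >= 5 {
            id = $2; typ = $4
            gsub(/^[ \t]+|[ \t]+$/, "", id)
            gsub(/^[ \t]+|[ \t]+$/, "", typ)
            if (typ == want) ids[++n] = id
        }
        END {
            if (n == 1) { print ids[1]; exit 0 }
            printf("expected 1 service of type %s, found %d\n", want, n) > "/dev/stderr"
            exit 1
        }'
}

# Constructed sample output (ids are made up); glance was registered twice.
sample_service_list() {
    cat <<'EOF'
+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| 11111111111111111111111111111111 | keystone | identity | Keystone Identity Service |
| 22222222222222222222222222222222 |  glance  |  image   |   Glance Image Service    |
| 33333333333333333333333333333333 |  glance  |  image   |   Glance Image Service    |
+----------------------------------+----------+----------+---------------------------+
EOF
}

sample_service_list | service_id_by_type identity
sample_service_list | service_id_by_type image || echo "refusing to create an endpoint"
```

On a live controller the input would come from `keystone service-list | service_id_by_type identity`.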
Verify that keystone is installed correctly
Unset the token variables set earlier; otherwise they interfere with authenticating the newly created user.
```
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
```
First verify from the command line
```
keystone --os-username=admin --os-password=admin --os-auth-url=http://controller0:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin --os-tenant-name=admin --os-auth-url=http://controller0:35357/v2.0 token-get
```
Then authenticate through environment variables; save the credentials in a file
```
vi ~/keystonerc
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller0:35357/v2.0
```
Source the file to make it take effect
```
source ~/keystonerc
keystone token-get
```
Keystone installation is complete.
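The keystonerc file created above holds the admin password in plain text. The helpers below are an added example, not part of the original guide: one writes the file with owner-only permissions, the other sources it only when group and others have no access. The function names are hypothetical, and `stat -c` assumes GNU coreutils as shipped with CentOS.

```shell
#!/bin/sh
# Added example: keep the credentials file private and refuse to load it otherwise.

# Single-quote a value so any password survives being sourced.
sq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# write_keystonerc FILE USER PASSWORD TENANT AUTH_URL
write_keystonerc() {
    (
        umask 077    # a newly created file gets mode 0600
        {
            printf 'export OS_USERNAME=%s\n' "$(sq "$2")"
            printf 'export OS_PASSWORD=%s\n' "$(sq "$3")"
            printf 'export OS_TENANT_NAME=%s\n' "$(sq "$4")"
            printf 'export OS_AUTH_URL=%s\n' "$(sq "$5")"
        } > "$1"
    )
    chmod 600 "$1"   # also tighten a file that already existed
}

# Source FILE only when group and others have no access to it.
load_keystonerc() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as on CentOS
    case "$mode" in
        ?00) . "$1" ;;
        *)   echo "refusing $1: mode $mode lets other users read it" >&2
             return 1 ;;
    esac
}

# Constructed run with the values used in this guide.
rc=$(mktemp)
write_keystonerc "$rc" admin admin admin http://controller0:35357/v2.0
load_keystonerc "$rc" && echo "loaded credentials for $OS_USERNAME"
rm -f "$rc"
```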
###Glance Installation and Configuration
Install the Glance packages
```
yum install openstack-glance python-glanceclient -y
```
Configure Glance's database connection
```
openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:[email protected]/glance
openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:[email protected]/glance
```
Initialize the Glance database
```
openstack-db --init --service glance --password openstack
```
Create the glance user
```
keystone user-create --name=glance --pass=glance [email protected]
```
and assign it the admin role in the service tenant
```
keystone user-role-add --user=glance --tenant=service --role=admin
```
Create the glance service
```
keystone service-create --name=glance --type=image --description="Glance Image Service"
```
Create the keystone endpoint
```
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ image / {print $2}') \
--publicurl=http://controller0:9292 \
--internalurl=http://controller0:9292 \
--adminurl=http://controller0:9292
```
Use openstack-utils to modify the glance-api and glance-registry configuration files
```
openstack-config --set /etc/glance/glance-api.conf DEFAULT debug True
openstack-config --set /etc/glance/glance-api.conf DEFAULT verbose True
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller0:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller0
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password glance
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf DEFAULT debug True
openstack-config --set /etc/glance/glance-registry.conf DEFAULT verbose True
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller0:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller0
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password glance
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
```
Start the two glance services
```
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
```
Download the Cirros image to verify that glance was installed successfully
```
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
glance image-create --progress --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=ovf --is-public=true < cirros-0.3.1-x86_64-disk.img
```
View the image that was just uploaded
```
glance image-list
```
If the image information is displayed, the installation succeeded.
###Nova Installation and Configuration
```
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
```
Create the nova user and service in keystone
```
keystone user-create --name=nova --pass=nova [email protected]
keystone user-role-add --user=nova --tenant=service --role=admin
```
Register the service in keystone
```
keystone service-create --name=nova --type=compute --description="Nova Compute Service"
```
Register the endpoint in keystone
```
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ compute / {print $2}') \
--publicurl=http://controller0:8774/v2/%\(tenant_id\)s \
--internalurl=http://controller0:8774/v2/%\(tenant_id\)s \
--adminurl=http://controller0:8774/v2/%\(tenant_id\)s
```
Configure nova's MySQL connection
```
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:[email protected]/nova
```
Initialize the database
```
openstack-db --init --service nova --password openstack
```
Configure nova.conf
```
openstack-config --set /etc/nova/nova.conf DEFAULT debug True
openstack-config --set /etc/nova/nova.conf DEFAULT verbose True
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller0
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.20.0.10
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 10.20.0.10
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 10.20.0.10
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller0:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller0
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password nova
```
Add the Keystone authentication information to api-paste.ini
```
openstack-config --set /etc/nova/api-paste.ini filter:authtoken paste.filter_factory keystoneclient.middleware.auth_token:filter_factory
openstack-config --set /etc/nova/api-paste.ini filter:authtoken auth_host controller0
openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_tenant_name service
openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_user nova
openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_password nova
```
Start the services
```
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
```
Enable them as system services
```
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
```
Check that the services are running normally
```
nova-manage service list
[email protected] ~]# nova-manage service list
Binary Host Zone Status State Updated_At
nova-consoleauth controller0 internal enabled :-) 2013-11-12 11:14:56
nova-cert controller0 internal enabled :-) 2013-11-12 11:14:56
nova-scheduler controller0 internal enabled :-) 2013-11-12 11:14:56
nova-conductor controller0 internal enabled :-) 2013-11-12 11:14:56
```
Check the processes
```
[[email protected] ~]# ps -ef|grep nova
nova 7240 1 1 23:11 ? 00:00:02 /usr/bin/python /usr/bin/nova-api --logfile /var/log/nova/api.log
nova 7252 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-cert --logfile /var/log/nova/cert.log
nova 7264 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-consoleauth --logfile /var/log/nova/consoleauth.log
nova 7276 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-scheduler --logfile /var/log/nova/scheduler.log
nova 7288 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-conductor --logfile /var/log/nova/conductor.log
nova 7300 1 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-novncproxy --web /usr/share/novnc/
nova 7336 7240 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-api --logfile /var/log/nova/api.log
nova 7351 7240 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-api --logfile /var/log/nova/api.log
nova 7352 7240 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-api --logfile /var/log/nova/api.log
```
###Neutron Server Installation and Configuration
Install the Neutron server packages
```
yum install -y openstack-neutron openstack-neutron-ml2 python-neutronclient
```
Create the Neutron user and service in keystone
```
keystone user-create --name neutron --pass neutron --email [email protected]
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network --description "OpenStack Networking"
keystone endpoint-create \
--service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://controller0:9696 \
--adminurl http://controller0:9696 \
--internalurl http://controller0:9696
```
Create the Neutron database in MySQL
```
mysql -uroot -popenstack -e "CREATE DATABASE neutron;"
mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'openstack';"
mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'openstack';"
mysql -uroot -popenstack -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller0' IDENTIFIED BY 'openstack';"
```
Configure MySQL
openstack-config --set /et