OpenStack Grizzly版本(Ubuntu 12.04)配置
1. 我们在一天VMware虚拟机上(双网卡)使用Ubuntu 12.04.1 和 OpenVSwitch 1.4.6 来搭建OpenStack的Grizzly版本的平台。 由于OpenVSwitch的版本对Ubuntu系统的内核版本有依赖,建议在安装前请确认二者之间是否兼容。无论是在物理机器中还是VMware 中配置,都需要开启CPU 的虚拟化(Intel VT-x/EPT 或AMD-V/RVI(V)。需要注意的是:在以下对配置文件的修改过程中,每一个配置行前都不能留空格,以免引起不必要的错误!!! 2. 为了提高Ubuntu 12.04.1的更新速度,将163的源加入/etc/apt/sources.list中。
3. 添加OpenStack Grizzly版本的库:
安装:apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
# cat > /etc/apt/sources.list.d/grizzly.listcreate database keystone;
mysql> grant all on keystone.* to 'keystone'@'%' identified by 'keystone';
mysql> flush privileges; quit;
修改/etc/keystone/keystone.conf中的数据库连接:
connection = mysql://keystone:keystone@172.15.0.111/keystone
重启keystone和同步数据库:
service keystone restart
keystone-manage db_sync
修改如下两个文件的权限:
chmod +x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
运行这两个脚本:
./keystone_basic.sh
./keystone_endpoints_basic.sh
创建一个凭证文件:
# cat > /root/creds.sh > /root/.bashrc
# source /root/creds.sh
10. 安装glance:
apt-get install -y glance
创建glance数据库:
#mysql -uroot -p
mysql> create database glance;
mysql> grant all on glance.* to 'glance'@'%' identified by 'glance';
mysql> flush privileges; quit;
修改 /etc/glance/glance-api-paste.ini:
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = 172.15.0.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
修改 /etc/glance/glance-registry-paste.ini:
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 172.15.0.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
修改/etc/glance/glance-api.conf:
sql_connection = mysql://glance:glance@172.15.0.111/glance
flavor = keystone
修改/etc/glance/glance-registry.conf:
sql_connection = mysql://glance:glance@172.15.0.111/glance
flavor = keystone
重启glance-api和glance-registry服务并同步数据库:
service glance-api restart; service glance-registry restart
glance-manage db_sync
service glance-api restart; service glance-registry restart
上传镜像,下载Cirros img作为测试使用:
# wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
# glance image-create --name='cirros' --public --container-format=ovf --disk-format=qcow2 < ./cirros-0.3.0-x86_64-disk.img
查看刚才上传的镜像:
glance image-list
11.安装quantum
安装openVSwitch:
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
创建网桥:
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth0 (将eth0加入br-ex)
手动配置网卡配置文件:
#vi /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
auto br-ex
iface br-ex inet static
address 192.168.8.20
netmask 255.255.255.0
gateway 192.168.8.1
dns-nameservers 208.67.222.222
auto eth1
iface eth1 inet static
address 172.15.0.111
netmask 255.255.255.0
安装quantum和相关组件:
apt-get install -y quantum-server quantum-plugin-openvswitch quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent
创建数据:
mysql -uroot -p
mysql> create database quantum;
mysql> grant all on quantum.* to 'quantum'@'%' identified by 'quantum';
mysql> flush privileges; quit;
查看quantum的相关组件是否运行:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i status; done
修改/etc/quantum/api-paste.ini:
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 172.15.0.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = password
修改OVS plugin的配置文件/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini:
#Under the database section
sql_connection = mysql://quantum:quantum@172.15.0.111/quantum
#Under the OVS section
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 172.15.0.111
enable_tunneling = True
#Firewall driver for realizing quantum security group function
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
修改/etc/quantum/metadata_agent.ini:
# The Quantum user information for accessing the Quantum API.
auth_url = http://172.15.0.111:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = password
# IP address used by Nova metadata server
nova_metadata_ip = 127.0.0.1
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack
修改 /etc/quantum/quantum.conf:
auth_host = 172.15.0.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = password
signing_dir = /var/lib/quantum/keystone-signing
重启quantum的所有服务:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
service dnsmasq restart
12. 安装nova:
apt-get install nova-api nova-novncproxy novnc nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-compute nova-conductor
创建数据库:
# mysql -uroot -p
mysql> create database nova;
mysql> grant all on nova.* to 'nova'@'%' identified by 'nova';
mysql> flush privileges; quit;
查看nova所有服务的状态:
cd /etc/init.d/; for i in $( ls nova-* ); do service $i status; cd; done
修改配置文件/etc/nova/api-paste.ini:
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 172.15.0.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = password
signing_dirname = /tmp/keystone-signing-nova
# Workaround for http://bugs.launchpad.net/nova/+bug/1154809
auth_version = 2.0v
修改 /etc/nova/nova.conf文件:
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=172.15.0.111
nova_url=http://172.15.0.111:8774/v1.1/
sql_connection=mysql://nova:nova@172.15.0.111/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging
glance_api_servers=172.15.0.111:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://192.168.8.20:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=172.15.0.111
vncserver_listen=0.0.0.0
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://172.15.0.111:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=password
quantum_admin_auth_url=http://172.15.0.111:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
metadata_host = 172.15.0.111
metadata_listen = 127.0.0.1
metadata_listen_port = 8775
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
修改/etc/nova/nova-compute.conf文件:
libvirt_type= qemu #kvm主要配置在物理机器上,在vmware上应该配置为qemu
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
同步数据库:
nova-manage db sync
重启nova-*服务:
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
检查nova-*服务:
nova-manage service list
13. cinder安装
apt-get install cinder-api cinder-common cinder-scheduler cinder-volume python-cinderclient
创建数据库:
#mysql -uroot -p
mysql> create database cinder;
mysql> grant all on cinder.* to 'cinder'@'%' identified by 'cinder';
mysql> flush privileges; quit;
修改配置文件/etc/cinder/api-paste.ini:
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.15.0.111
service_port = 5000
auth_host = 172.15.0.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = password
signing_dir = /var/lib/cinder
修改配置文件/etc/cinder/cinder.conf:
rootwrap_config=/etc/cinder/rootwrap.conf
sql_connection = mysql://cinder:cinder@172.15.0.111/cinder
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volume_dir = /var/lib/cinder/volumes
#osapi_volume_listen_port=5900
同步数据库:
cinder-manage db sync
重启cinder的服务:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done
查看cinder的服务:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; done
14. 安装Horizon
apt-get -y install openstack-dashboard memcached
可以选择性删除OpenStack Ubuntu theme:
dpkg --purge openstack-dashboard-ubuntu-theme
修改memcached的监听地址:
# vi /etc/openstack-dashboard/local_settings.py
DEBUG = True
重启apache2和memcached服务:
service apache2 restart; service memcached restart
15. 创建网络
EXTERNAL_NET_ID=$(quantum net-create external_net1 --router:external=True | awk '/ id / {print $4}')
SUBNET_ID=$(quantum subnet-create external_net1 192.168.8.0/24 --name=external_subnet1 --gateway_ip 192.168.8.1 --enable_dhcp=False | awk '/ id / {print $4}')
修改组策略:
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
16. 后续使用
页:
[1]