wangluo010 发表于 2015-4-12 09:21:31

OpenStack Grizzly版本(Ubuntu 12.04)配置

  1.   我们在一台VMware虚拟机上(双网卡)使用Ubuntu 12.04.1 和 OpenVSwitch 1.4.6 来搭建OpenStack的Grizzly版本的平台。 由于OpenVSwitch的版本对Ubuntu系统的内核版本有依赖,建议在安装前确认二者之间是否兼容。无论是在物理机器中还是VMware 中配置,都需要开启CPU 的虚拟化(Intel VT-x/EPT 或AMD-V/RVI(V))。

需要注意的是:在以下对配置文件的修改过程中,每一个配置行前都不能留空格,以免引起不必要的错误!!!
  2.   为了提高Ubuntu 12.04.1的更新速度,将163的源加入/etc/apt/sources.list中。
  3.   添加OpenStack Grizzly版本的库:
  
  安装:apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
  # cat > /etc/apt/sources.list.d/grizzly.list
  (转载时此处内容缺失:grizzly.list 的文件内容以及第3步之后、第10步之前的部分步骤未能保留。)
  mysql> create database keystone;
  mysql> grant all on keystone.* to 'keystone'@'%' identified by 'keystone';
  mysql> flush privileges; quit;
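  修改/etc/keystone/keystone.conf中的数据库连接(上面的授权语句把密码设成与账户名相同,并用'%'允许从任意主机连接,后文glance、quantum、nova、cinder的授权也是同样写法,仅适合隔离的测试环境;正式部署应为每个账户设置强密码,并把'%'换成控制节点的地址):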
  connection = mysql://keystone:keystone@172.15.0.111/keystone
  重启keystone和同步数据库:
  service keystone restart
  keystone-manage db_sync
  
  修改如下两个文件的权限:
  chmod +x keystone_basic.sh
  chmod +x keystone_endpoints_basic.sh
  运行这两个脚本:
  ./keystone_basic.sh
  ./keystone_endpoints_basic.sh
  创建一个凭证文件(下一行命令在转载时有缺失,写入creds.sh的内容未保留;该文件保存管理员凭证,应只允许root读取):
  # cat > /root/creds.sh > /root/.bashrc
  # source /root/creds.sh
  
  10. 安装glance:
  apt-get install -y glance
  创建glance数据库:
  #mysql -uroot -p
  mysql> create database glance;
  mysql> grant all on glance.* to 'glance'@'%' identified by 'glance';
  mysql> flush privileges; quit;
  
  修改 /etc/glance/glance-api-paste.ini:
  
  paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
  delay_auth_decision = true
  auth_host = 172.15.0.111
  auth_port = 35357
  # NOTE(review): http means the token-validation traffic to Keystone, including
  # the service credentials below, is sent unencrypted; acceptable only on an
  # isolated lab network.
  auth_protocol = http
  admin_tenant_name = service
  admin_user = glance
  # NOTE(review): "password" is a sample value; presumably it must match what the
  # keystone_basic.sh script set for the service users (script not shown here).
  # Use a unique strong password per service; the same applies to the other
  # auth snippets on this page.
  admin_password = password
  
  修改 /etc/glance/glance-registry-paste.ini:
  
  paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
  auth_host = 172.15.0.111
  auth_port = 35357
  auth_protocol = http
  admin_tenant_name = service
  admin_user = glance
  admin_password = password
  
  修改/etc/glance/glance-api.conf:
  sql_connection = mysql://glance:glance@172.15.0.111/glance
  
  flavor = keystone
  修改/etc/glance/glance-registry.conf:
  sql_connection = mysql://glance:glance@172.15.0.111/glance
  
  flavor = keystone
  
  重启glance-api和glance-registry服务并同步数据库:
  service glance-api restart; service glance-registry restart
  glance-manage db_sync
  service glance-api restart; service glance-registry restart
  
  上传镜像,下载Cirros img作为测试使用(上传前建议先核对镜像文件的校验值):
  # wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
  # glance image-create --name='cirros' --public --container-format=ovf --disk-format=qcow2 < ./cirros-0.3.0-x86_64-disk.img
  查看刚才上传的镜像:
  glance image-list
  
  11.安装quantum
  
  安装openVSwitch:
  apt-get install -y openvswitch-switch openvswitch-datapath-dkms
  创建网桥:
  ovs-vsctl add-br br-int
  ovs-vsctl add-br br-ex
  ovs-vsctl add-port br-ex eth0 (将eth0加入br-ex)
  手动配置网卡配置文件:
  #vi /etc/network/interfaces
  auto lo
  iface lo inet loopback
  
  auto eth0
  iface eth0 inet manual
  up ifconfig $IFACE 0.0.0.0 up
  up ip link set $IFACE promisc on
  down ip link set $IFACE promisc off

  down ifconfig $IFACE down
  
  auto br-ex
  iface br-ex inet static
  address 192.168.8.20
  netmask 255.255.255.0
  gateway 192.168.8.1
  dns-nameservers 208.67.222.222
  
  auto eth1
  iface eth1 inet static
  address 172.15.0.111
  netmask 255.255.255.0
  
  安装quantum和相关组件:
  apt-get install -y quantum-server quantum-plugin-openvswitch quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent
  创建数据库:
  mysql -uroot -p
  mysql> create database quantum;
  mysql> grant all on quantum.* to 'quantum'@'%' identified by 'quantum';
  mysql> flush privileges; quit;
  查看quantum的相关组件是否运行:
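  # Show the status of every quantum-* init script. The directory is globbed
  # directly instead of parsing ls output, and the service name is quoted.
  for svc in /etc/init.d/quantum-*; do
    [ -e "$svc" ] || continue   # no match: the literal pattern is skipped
    sudo service "${svc##*/}" status
  done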
  
  修改/etc/quantum/api-paste.ini:
  
  paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
  auth_host = 172.15.0.111
  auth_port = 35357
  auth_protocol = http
  admin_tenant_name = service
  admin_user = quantum
  admin_password = password
  修改OVS plugin的配置文件/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini:
  #Under the database section
  
  sql_connection = mysql://quantum:quantum@172.15.0.111/quantum
  #Under the OVS section
  
  tenant_network_type = gre
  tunnel_id_ranges = 1:1000
  integration_bridge = br-int
  tunnel_bridge = br-tun
  local_ip = 172.15.0.111
  enable_tunneling = True
  #Firewall driver for realizing quantum security group function
  
  firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  
  修改/etc/quantum/metadata_agent.ini:
  # The Quantum user information for accessing the Quantum API.
  auth_url = http://172.15.0.111:35357/v2.0
  auth_region = RegionOne
  admin_tenant_name = service
  admin_user = quantum
  admin_password = password
  
  # IP address used by Nova metadata server
  nova_metadata_ip = 127.0.0.1
  
  # TCP Port used by Nova metadata server
  nova_metadata_port = 8775
  
  # Secret the metadata proxy shares with Nova; the nova.conf snippet on this page
  # sets the same value as quantum_metadata_proxy_shared_secret.
  # NOTE(review): "helloOpenStack" is a guessable sample; generate a random
  # value per deployment and keep both files in sync.
  metadata_proxy_shared_secret = helloOpenStack
  
  修改 /etc/quantum/quantum.conf:
  
  auth_host = 172.15.0.111
  auth_port = 35357
  auth_protocol = http
  admin_tenant_name = service
  admin_user = quantum
  admin_password = password
  signing_dir = /var/lib/quantum/keystone-signing
  
  重启quantum的所有服务:
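  # Restart every quantum-* init script. The directory is globbed directly
  # instead of parsing ls output, and the service name is quoted.
  for svc in /etc/init.d/quantum-*; do
    [ -e "$svc" ] || continue   # no match: the literal pattern is skipped
    sudo service "${svc##*/}" restart
  done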
  service dnsmasq restart
  
  
  12. 安装nova:
  apt-get install nova-api nova-novncproxy novnc nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-compute nova-conductor
  创建数据库:
  # mysql -uroot -p
  mysql> create database nova;
  mysql> grant all on nova.* to 'nova'@'%' identified by 'nova';
  mysql> flush privileges; quit;
  
  查看nova所有服务的状态:
  
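  # Show the status of every nova-* init script. The directory is globbed
  # directly instead of parsing ls output, so no cd is needed inside or
  # around the loop.
  for svc in /etc/init.d/nova-*; do
    [ -e "$svc" ] || continue   # no match: the literal pattern is skipped
    service "${svc##*/}" status
  done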
  
  修改配置文件/etc/nova/api-paste.ini:
  
  paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
  auth_host = 172.15.0.111
  auth_port = 35357
  auth_protocol = http
  admin_tenant_name = service
  admin_user = nova
  admin_password = password
  # NOTE(review): a fixed directory name under /tmp is predictable and /tmp is
  # world-writable; the quantum and cinder snippets on this page keep theirs
  # under /var/lib instead. Prefer a directory owned by the nova user.
  signing_dirname = /tmp/keystone-signing-nova
  # Workaround for http://bugs.launchpad.net/nova/+bug/1154809
  # NOTE(review): "2.0v" looks like a typo for "v2.0" (the auth URLs on this
  # page use /v2.0) — confirm before copying.
  auth_version = 2.0v
  
  修改 /etc/nova/nova.conf文件:
  
  logdir=/var/log/nova
  state_path=/var/lib/nova
  lock_path=/var/lock/nova
  verbose=True
  api_paste_config=/etc/nova/api-paste.ini
  compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
  rabbit_host=172.15.0.111
  nova_url=http://172.15.0.111:8774/v1.1/
  sql_connection=mysql://nova:nova@172.15.0.111/nova
  root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
  # Auth
  use_deprecated_auth=false
  auth_strategy=keystone
  
  # Imaging
  glance_api_servers=172.15.0.111:9292
  image_service=nova.image.glance.GlanceImageService
  # Vnc configuration
  novnc_enabled=true
  novncproxy_base_url=http://192.168.8.20:6080/vnc_auto.html
  novncproxy_port=6080
  vncserver_proxyclient_address=172.15.0.111
  # NOTE(review): 0.0.0.0 makes instance VNC servers listen on every interface
  # of the host, including the external one; restrict access to those ports to
  # the management network, or bind to the management address.
  vncserver_listen=0.0.0.0
  
  # Network settings
  network_api_class=nova.network.quantumv2.api.API
  quantum_url=http://172.15.0.111:9696
  quantum_auth_strategy=keystone
  quantum_admin_tenant_name=service
  quantum_admin_username=quantum
  quantum_admin_password=password
  quantum_admin_auth_url=http://172.15.0.111:35357/v2.0
  libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
  linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
  #If you want Quantum + Nova Security groups
  firewall_driver=nova.virt.firewall.NoopFirewallDriver
  security_group_api=quantum
  #If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
  #-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
  
  #Metadata
  service_quantum_metadata_proxy = True
  # Same value as metadata_proxy_shared_secret in the
  # /etc/quantum/metadata_agent.ini snippet on this page.
  # NOTE(review): guessable sample value; use a random secret per deployment.
  quantum_metadata_proxy_shared_secret = helloOpenStack
  metadata_host = 172.15.0.111
  metadata_listen = 127.0.0.1
  metadata_listen_port = 8775
  
  # Compute #
  compute_driver=libvirt.LibvirtDriver
  
  # Cinder #
  volume_api_class=nova.volume.cinder.API
  osapi_volume_listen_port=5900
  
  修改/etc/nova/nova-compute.conf文件:
  
  libvirt_type= qemu #kvm主要配置在物理机器上,在vmware上应该配置为qemu
  libvirt_ovs_bridge=br-int
  libvirt_vif_type=ethernet
  libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
  libvirt_use_virtio_for_bridges=True
  
  同步数据库:
  nova-manage db sync
  重启nova-*服务:
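  # Restart every nova-* init script. The directory is globbed directly
  # instead of parsing ls output, and the service name is quoted.
  for svc in /etc/init.d/nova-*; do
    [ -e "$svc" ] || continue   # no match: the literal pattern is skipped
    sudo service "${svc##*/}" restart
  done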
  检查nova-*服务:
  nova-manage service list
  
  13. cinder安装
  apt-get install cinder-api cinder-common cinder-scheduler cinder-volume python-cinderclient
  创建数据库:
  #mysql -uroot -p
  mysql> create database cinder;
  mysql> grant all on cinder.* to 'cinder'@'%' identified by 'cinder';
  mysql> flush privileges; quit;
  
  修改配置文件/etc/cinder/api-paste.ini:
  
  paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
  service_protocol = http
  service_host = 172.15.0.111
  service_port = 5000
  auth_host = 172.15.0.111
  auth_port = 35357
  auth_protocol = http
  admin_tenant_name = service
  admin_user = cinder
  admin_password = password
  signing_dir = /var/lib/cinder
  
  修改配置文件/etc/cinder/cinder.conf:
  
  rootwrap_config=/etc/cinder/rootwrap.conf
  sql_connection = mysql://cinder:cinder@172.15.0.111/cinder
  api_paste_config = /etc/cinder/api-paste.ini
  iscsi_helper=tgtadm
  volume_name_template = volume-%s
  volume_group = cinder-volumes
  verbose = True
  auth_strategy = keystone
  state_path = /var/lib/cinder
  lock_path = /var/lock/cinder
  volume_dir = /var/lib/cinder/volumes
  #osapi_volume_listen_port=5900
  
  同步数据库:
  cinder-manage db sync
  重启cinder的服务:
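  # Restart every cinder-* init script. The directory is globbed directly
  # instead of parsing ls output, and the service name is quoted.
  for svc in /etc/init.d/cinder-*; do
    [ -e "$svc" ] || continue   # no match: the literal pattern is skipped
    sudo service "${svc##*/}" restart
  done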
  查看cinder的服务:
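  # Show the status of every cinder-* init script. The directory is globbed
  # directly instead of parsing ls output, and the service name is quoted.
  for svc in /etc/init.d/cinder-*; do
    [ -e "$svc" ] || continue   # no match: the literal pattern is skipped
    sudo service "${svc##*/}" status
  done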
  
  14. 安装Horizon
  apt-get -y install openstack-dashboard memcached
  可以选择性删除OpenStack Ubuntu theme:
  dpkg --purge openstack-dashboard-ubuntu-theme
  修改memcached的监听地址:
  # vi /etc/openstack-dashboard/local_settings.py
  # NOTE(review): DEBUG = True makes Django show detailed error pages (stack
  # traces and configuration details) to any visitor; set it to False outside
  # a throwaway lab.
  DEBUG = True
  
  重启apache2和memcached服务:
  service apache2 restart; service memcached restart
  
  15. 创建网络
  # Create the external network and keep its id: awk prints the 4th field of
  # the CLI output line that contains " id ".
  EXTERNAL_NET_ID=$(quantum net-create external_net1 --router:external=True | awk '/ id / {print $4}')
  # Create the 192.168.8.0/24 subnet on external_net1 with DHCP disabled and
  # keep its id the same way.
  SUBNET_ID=$(quantum subnet-create external_net1 192.168.8.0/24 --name=external_subnet1 --gateway_ip 192.168.8.1 --enable_dhcp=False | awk '/ id / {print $4}')
  
  修改安全组规则(下面两条规则在default安全组中对任意来源0.0.0.0/0放行SSH的22端口和ICMP;非测试环境应把来源网段收窄到管理网段):
  # nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
  # nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
  
  16. 后续使用
  