OpenStack Controller HA (2)
3.安装openstack服务3.1.安装配置qpid
(1).更新第三方yum源
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-8.noarch.rpm
(2).安装配置qpid
# yum -y install mysql qpid-cpp-server memcached
# vi /etc/qpidd.conf
………………
auth=no
(3).启动qpid服务
# service qpidd start
# chkconfig qpidd on
3.2.安装配置keystone
(1).yum安装keystone
# yum -y install openstack-keystone
(2).配置keystone服务
# cp -av /etc/keystone/keystone.conf/etc/keystone/keystone.conf_bak
# sed -i '/^#/d' /etc/keystone/keystone.conf
# sed -i '/^$/d' /etc/keystone/keystone.conf
# openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@mysqlserver/keystone
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token c9d9d3ed3c12dd70ede7
# openstack-config --set /etc/keystone/keystone.conf DEFAULT bind_host controller01
# openstack-config --set /etc/keystone/keystone.conf DEFAULT bind_host controller02
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# scp -r /etc/keystone/ssl root@controller02:/etc/keystone/
# touch /var/log/keystone/keystone.log
# chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
(3).同步keystone数据库
# keystone-manage db_sync
(4).启动keystone服务
# service openstack-keystone start
# chkconfig openstack-keystone on
(5).配置环境变量
# vi ~/.bash_profile
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL=http://controller:5000/v2.0
export SERVICE_ENDPOINT=http://controller:35357/v2.0
export SERVICE_TOKEN=c9d9d3ed3c12dd70ede7
# source ~/.bash_profile
(6).创建user、定义services和endpoint
# keystone tenant-create --name=admin --description='Admin Tenant'
# keystone tenant-create --name=service --description='Service Tenant'
# keystone user-create --name=admin --pass=password --email=keystone@chensh.net
# keystone role-create --name=admin
# keystone user-role-add --user=admin --tenant=admin --role=admin
# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
# mkdir /root/config
# vi /root/config/keystone-endpoint.sh
#!/bin/bash
my_ip=controller
service=$(keystone service-list | awk '/keystone/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:5000/v2.0 --internalurl=http://$my_ip:5000/v2.0 --adminurl=http://$my_ip:35357/v2.0
# sh /root/config/keystone-endpoint.sh
(7).验证keystone
# keystone user-list
# keystone role-list
# keystone endpoint-list
3.3.安装配置glance
(1).yum安装glance
# yum -y install openstack-glance
(2).创建user、定义services和endpoint
# keystone user-create --name=glance --pass=service --email=glance@chensh.net
# keystone user-role-add --user=glance --tenant=service --role=admin
# keystone service-create --name=glance --type=image --description="Glance Image Service"
# vi /root/config/glance-endpoint.sh
#!/bin/bash
my_ip=controller
service=$(keystone service-list | awk '/glance/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:9292 --internalurl=http://$my_ip:9292 --adminurl=http://$my_ip:9292
# sh /root/config/glance-endpoint.sh
(3).定义glance配置文件
# cp -av /etc/glance/glance-api.conf /etc/glance/glance-api.conf_bak
# cp -av /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf_bak
# sed -i '/^#/d' /etc/glance/glance-api.conf
# sed -i '/^$/d' /etc/glance/glance-api.conf
# sed -i '/^#/d' /etc/glance/glance-registry.conf
# sed -i '/^$/d' /etc/glance/glance-registry.conf
# openstack-config --set /etc/glance/glance-api.conf DEFAULT bind_host controller01
# openstack-config --set /etc/glance/glance-api.conf DEFAULT registry_host controller01
# openstack-config --set /etc/glance/glance-api.conf DEFAULT rabbit_host controller01
# openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller01
# openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
# openstack-config --set /etc/glance/glance-registry.conf DEFAULT bind_host controller01
# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
# openstack-config --set /etc/glance/glance-api.conf DEFAULT bind_host controller02
# openstack-config --set /etc/glance/glance-api.conf DEFAULT registry_host controller02
# openstack-config --set /etc/glance/glance-api.conf DEFAULT rabbit_host controller02
# openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller02
# openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
# openstack-config --set /etc/glance/glance-registry.conf DEFAULT bind_host controller02
# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password service
# openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini
# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password service
# openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini
# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
# cp -av /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
# cp -av /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
# chown -R root:glance /etc/glance/glance-api-paste.ini
# chown -R root:glance /etc/glance/glance-registry-paste.ini
# cp -av /etc/glance/glance-api-paste.ini /etc/glance/glance-api-paste.ini_bak
# cp -av /etc/glance/glance-registry-paste.ini /etc/glance/glance-registry-paste.ini_bak
# sed -i '/^#/d' /etc/glance/glance-api-paste.ini
# sed -i '/^$/d' /etc/glance/glance-api-paste.ini
# sed -i '/^#/d' /etc/glance/glance-registry-paste.ini
# sed -i '/^$/d' /etc/glance/glance-registry-paste.ini
# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host controller
# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service
# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance
# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password service
# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host controller
# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service
# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance
# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password service
# openstack-config --set /etc/glance/glance-api.conf DEFAULT filesystem_store_datadir /openstack/glance/images
# openstack-config --set /etc/glance/glance-api.conf DEFAULT scrubber_datadir /openstack/glance/scrubber
# openstack-config --set /etc/glance/glance-api.conf DEFAULT image_cache_dir /openstack/glance/image-cache
(4).修改glance数据文件
# cp -av /var/lib/glance /openstack/
# chown -R glance:glance /openstack/glance
(5).设置日志权限
# touch /var/log/glance/registry.log
# chown -R glance:glance /var/log/glance
(6).同步glance数据库
# glance-manage db_sync
(7).启动glance服务
# service openstack-glance-api start
# service openstack-glance-registry start
# chkconfig openstack-glance-api on
# chkconfig openstack-glance-registry on
(8).功能测试
# glance image-create --name=centos6.4_20G --disk-format=qcow2 --container-format=ovf --is-public=true < centos6.4_20G.qcow2
# glance image-list
3.4.安装配置nova
(1).yum安装nova
# yum -y install openstack-nova
(2).创建user、定义services和endpoint
# keystone user-create --name=nova --pass=service --email=nova@chensh.net
# keystone user-role-add --user=nova --tenant=service --role=admin
# keystone service-create --name=nova --type=compute --description="Nova Compute Service"
# vi /root/config/nova-user.sh
#!/bin/sh
my_ip=controller
service=$(keystone service-list | awk '/nova/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:8774/v2/%\(tenant_id\)s --internalurl=http://$my_ip:8774/v2/%\(tenant_id\)s --adminurl=http://$my_ip:8774/v2/%\(tenant_id\)s
# sh /root/config/nova-user.sh
(3).定义nova配置文件
# cp -av /etc/nova/nova.conf /etc/nova/nova.conf_bak
# sed -i '/^#/d' /etc/nova/nova.conf
# sed -i '/^$/d' /etc/nova/nova.conf
# vi /etc/nova/nova.conf
my_ip = 192.168.20.21
auth_strategy = keystone
state_path = /openstack/nova
verbose = True
allow_resize_to_same_host = true
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = controller
libvirt_type = kvm
glance_api_servers = controller:9292
#novncproxy_base_url = http://controller01:6080/vnc_auto.html
#vncserver_proxyclient_address = controller01
vnc_enabled = true
vnc_keymap = en-us
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.firewall.NoopFirewallDriver
multi_host = True
flat_interface = eth1
flat_network_bridge = br1
public_interface = eth0
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
notification_driver = nova.openstack.common.notifier.rpc_notifier
compute_scheduler_driver = nova.scheduler.simple.SimpleScheduler
ec2_listen = controller01
ec2_listen_port = 8773
osapi_compute_listen = controller01
osapi_compute_listen_port = 8774
metadata_listen = controller01
metadata_listen_port = 8775
novncproxy_host = controller01
vncserver_listen = controller01
novncproxy_port = 6080
qpid_hosts = controller01:5672,controller02:5672
memcached_servers = controller01:11211, controller02:11211
sql_connection = mysql://nova:nova@mysqlserver/nova
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
# vi /etc/nova/nova.conf
my_ip = 192.168.20.22
auth_strategy = keystone
state_path = /openstack/nova
verbose = True
allow_resize_to_same_host = true
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = controller
libvirt_type = kvm
glance_api_servers = controller:9292
#novncproxy_base_url = http://controller02:6080/vnc_auto.html
#vncserver_proxyclient_address = controller02
vnc_enabled = true
vnc_keymap = en-us
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.firewall.NoopFirewallDriver
multi_host = True
flat_interface = eth1
flat_network_bridge = br1
public_interface = eth0
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
notification_driver = nova.openstack.common.notifier.rpc_notifier
compute_scheduler_driver = nova.scheduler.simple.SimpleScheduler
ec2_listen = controller02
ec2_listen_port = 8773
osapi_compute_listen = controller02
osapi_compute_listen_port = 8774
metadata_listen = controller02
metadata_listen_port = 8775
novncproxy_host = controller02
vncserver_listen = controller02
novncproxy_port = 6080
qpid_hosts = controller01:5672,controller02:5672
memcached_servers = controller01:11211, controller02:11211
sql_connection = mysql://nova:nova@mysqlserver/nova
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
# vi /etc/nova/api-paste.ini
auth_url = http://controller:35357/v2.0
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
(4).修改nova数据存储路径
# cp -av /var/lib/nova /openstack/
# chown -R nova:nova /openstack/nova
(5).同步nova数据库
# nova-manage db sync
(6).设置日志权限
# chown -R nova:nova /var/log/nova
(7).修正nova bug
# vi /usr/lib/python2.6/site-packages/nova/wsgi.py
Bug:https://review.openstack.org/#/c/60838/3/nova/wsgi.py
http://a.hiphotos.bdimg.com/album/pic/item/f703738da9773912f35e7681fa198618377ae2d2.jpg
(8).启动nova相关服务
# service libvirtd start
# chkconfig libvirtd on
# service messagebus start
# chkconfig messagebus on
# service openstack-nova-api start
# service openstack-nova-cert start
# service openstack-nova-consoleauth start
# service openstack-nova-scheduler start
# service openstack-nova-conductor start
# service openstack-nova-novncproxy start
# service openstack-nova-network start
# chkconfig openstack-nova-api on
# chkconfig openstack-nova-cert on
# chkconfig openstack-nova-consoleauth on
# chkconfig openstack-nova-scheduler on
# chkconfig openstack-nova-conductor on
# chkconfig openstack-nova-novncproxy on
# chkconfig openstack-nova-network on
(9).设置安全组规则
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
(10).nova功能测试
# nova image-list
# nova network-create vmnet --fixed-range-v4=10.1.1.0/24 --bridge=br1 --bridge-interface=eth1 --multi-host=T --dns1=202.106.0.20 --dns2=202.96.69.38
# nova boot --flavor 2 --image centos6.4_20G vm-00
页:
[1]