论坛 › Openstack › Ubuntu 12.04 安装 Openstack

4rfdf 发表于 2013-6-21 08:48:52

Ubuntu 12.04 安装 Openstack

控制节点192.168.198.101计算机点   192.168.198.102代理节点   192.168.198.104存储节点    192.168.198.103
所有机器运行sudo apt-get updatesudo apt-get upgradesudo apt-get install -y ntpsudo sed -i 's/server ntp.ubuntu.com/serverntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g'/etc/ntp.confsudo service ntp restart
控制节点apt-get install tgt open-iscsi open-iscsi-utilsfdisk /dev/sda分一个空的分区出来这里为/dev/sda5partprobepvcreate /dev/sda5vgcreate nova-volumes /dev/sda5
Keystonesudo apt-get install keystonesudo su -rm /var/lib/keystone/keystone.dbapt-get install python-mysqldb mysql-server (password:mysql)sed –i ‘s/127.0.0.1/0.0.0.0/g’ /etc/mysql/my.cnfservice mysql restartmysql –u root –pmysql> CREATE DATABASE keystone; mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystonepassword'; mysql> quitvim /etc/keystone/keystone.confconnection = sqlite:////var/lib/keystone/keystone.db改为connection = mysql://keystone:@192.168.198.101/keystoneadmin_token = admin                默认为ADMIN,可更改为自己想要的sudo service keystone restart keystone-manage db_sync配置keystone
创建租户(admin)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 tenant-create --name admin --description "admin" --enabled true
创建用户(admin)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id --name admin --pass admin --enabled true创建两个角色(admin, memberRole)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 role-create --name adminkeystone --token admin --endpoint http://192.168.198.101:35357/v2.0 role-create --name MemberRole为创建的用户绑定角色keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-role-add --user --tenant_id --role 创建租户(service)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 tenant-create --name service --description "service" --enabled true
创建用户(nova)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id --name nova --pass nova --enabled true为创建的用户绑定角色keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user --tenant_id --role
创建用户(glance)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id --name glance --pass glance --enabled true
为创建的用户绑定角色keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user --tenant_id --role 创建用户(swift)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id --name swift --pass swift --enabled true
为创建的用户绑定角色keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user --tenant_id --role
创建用户(ec2)keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id --name ec2 --pass ec2 --enabled true
为创建的用户绑定角色keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user --tenant_id --role 启用Keystone为了使Swift与S3 API兼容，需在keystone.conf文件中定义一个新的过滤器并启用它定义过滤器paste.filter_factory = keystone.contrib.s3:S3Extension.factory启用并更新admin_api行pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service更新为pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service定义服务可使用模板文件或后端数据库两种方法来定义使用后端数据库来下义的话keystone.conf配置文件中应包含以下两行driver = keystone.catalog.backends.sql.Catalog创建keystone服务，类型为identitykeystone --token admin --endpoint http://192.168.198.101:35357/v2.0/service-create--name=keystone--type=identity--description="Keystone Identity Service"创建服务入口（endpoint）keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create--region RegionOne --service_id= --publicurl=http://192.168.198.101:5000/v2.0 --internalurl=http://192.168.198.101:5000/v2.0 --adminurl=http://192.168.198.101:35357/v2.0创建nova服务，类型为computekeystone --token admin --endpoint http://192.168.198.101:35357/v2.0/service-create--name=nova--type=compute--description="Nova Compute Service"创建服务入口（endpoint）keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create--region RegionOne--service_id= --publicurl='http://192.168.198.101:8774/v2/%(tenant_id)s'--internalurl='http://192.168.198.101:8774/v2/%(tenant_id)s' --adminurl='http://192.168.198.101:8774/v2/%(tenant_id)s'创建volume服务，类型为 volumekeystone --token admin --endpoint http://192.168.198.101:35357/v2.0/service-create--name=volume--type=volume--description="Nova Volume Service"创建服务入口（endpoint）keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/endpoint-create--region RegionOne--service_id= --publicurl='http://192.168.198.101:8776/v1/%(tenant_id)s' --internalurl='http://192.168.198.101:8776/v1/%(tenant_id)s' --adminurl='http://192.168.198.101:8776/v1/%(tenant_id)s'创建glance服务，类型为 imagekeystone --token admin --endpoint http://192.168.198.101:35357/v2.0/service-create--name=glance--type=image--description="Glance Image Service"创建服务入口（endpoint）keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id= --publicurl=http://192.168.198.101:9292/v1 --internalurl=http://192.168.198.101:9292/v1 --adminurl=http://192.168.198.101:9292/v1创建ec2服务，类型为 ec2keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/service-create--name=ec2--type=ec2--description="EC2 Compatibility layer"创建服务入口（endpoint）keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/endpoint-create--region RegionOne--service_id= --publicurl=http://192.168.198.101:8773/services/Cloud --internalurl=http://192.168.198.101:8773/services/Cloud --adminurl=http://192.168.198.101:8773/services/Admin创建swift服务，类型为 object-storekeystone --token admin --endpoint http://192.168.198.101:35357/v2.0/service-create--name=swift--type=object-store--description="Object Storage Service"创建服务入口（endpoint）keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id=--publicurl='https://192.168.198.104:8080/v1/AUTH_%(tenant_id)s' –adminurl='https://192.168.198.104:8080/' --internalurl='https://192.168.198.104:8080/v1/AUTH_%(tenant_id)s'核实Keystone的安装
exportADMIN_TOKEN=adminexportOS_USERNAME=adminexportOS_PASSWORD=adminexportOS_TENANT_NAME=adminexportOS_AUTH_URL=http://127.0.0.1:5000/v2.0/然后用keystone user-list    keystone role-listkeystone tenant-list来查看Glanceapt-get install glance                                                                                     rm /var/lib/glance/glance.sqlite                                                                     mysql –u root –pmysql> CREATE DATABASE glance;mysql> GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glancepassword';mysql> quit                                                                                                   更新/etc/glance/glance-api-paste.iniadmin_tenant_name = serviceadmin_user = glanceadmin_password = glance增加下面的两行到/etc/glance/glance-api.confflavor = keystone增加下列两行到/etc/glance/glance-registry.confflavor = keystone更新/etc/glance/glance-registry-paste.iniadmin_tenant_name = serviceadmin_user = glanceadmin_password = glance
更新glance-registry-paste.initpipeline行的内容为#pipeline = context registryapp# NOTE: use the following pipeline for keystonepipeline = authtoken auth-context context registryapp更改/etc/glance/glance-registry.conf连接mysqlsql_connection = mysql://glance:yourpassword@192.168.18.129/glanceglance-manage version_control 0    glance-manage db_syncservice glance-registry restart service glance-api restart测试glanceglance index   无输出是正常下载imagecd ~wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.imgwget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img上传imageglance add name=cirros-0.3.0-x86_64 is_public=truecontainer_format=bare disk_format=qcow2 < cirros-0.3.0-x86_64-disk.imgglance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < precise-server-cloudimg-amd64-disk1.imgglance index 准备配置网络
在一块单一的网卡上使用FlatDHCP网络模式/etc/network/interfaceseth0:公网IP、网关br100: 节点之间的通信# The loopback network interfaceauto loiface lo inet loopback# The primary network interfaceauto eth0iface eth0 inet dhcp# Bridge network interface for VM networks auto br100 iface br100 inet static address 10.0.0.1 netmask 255.255.255.0 bridge_stp offbridge_fd 0
安装bridge-utilssudo apt-get install bridge-utils确保Bridge的设置，如果在nova.conf文件中添加了flat_network_bridge=br100，当nova-manage network运行时会自动开启sudo brctl addbr br100Novamysql –u root –pmysql> CREATE DATABASE nova;mysql> GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'novapassword';mysql> quitapt-get install rabbitmq-serverapt-get install nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-networkkvm nova-objectstore nova-compute-kvm编辑 /etc/nova/api-paste.ini , 修改末尾3行#admin_tenant_name = %SERVICE_TENANT_NAME%#admin_user = %SERVICE_USER%#admin_password = %SERVICE_PASSWORD%admin_tenant_name = serviceadmin_user = novaadmin_password = nova编辑/etc/nova/nova.conf 文件，###### LOGS/STATE#verbose=Trueverbose=False###### AUTHENTICATIONauth_strategy=keystone###### SCHEDULER#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterSchedulerscheduler_driver=nova.scheduler.simple.SimpleScheduler###### VOLUMESvolume_group=nova-volumesvolume_name_template=volume-%08xiscsi_helper=tgtadm###### DATABASEsql_connection=mysql://nova:novapassword@192.168.198.101/nova###### COMPUTElibvirt_type=kvm#libvirt_type=qemuconnection_type=libvirtinstance_name_template=instance-%08xapi_paste_config=/etc/nova/api-paste.iniallow_resize_to_same_host=Truelibvirt_use_virtio_for_bridges=truestart_guests_on_host_boot=trueresume_guests_state_on_host_boot=true###### APISosapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensionsallow_admin_api=trues3_host=192.168.198.101cc_host=192.168.198.101###### RABBITMQrabbit_host=192.168.198.101###### GLANCEimage_service=nova.image.glance.GlanceImageServiceglance_api_servers=192.168.198.101:9292###### NETWORKnetwork_manager=nova.network.manager.FlatDHCPManagerforce_dhcp_release=Truedhcpbridge_flagfile=/etc/nova/nova.confdhcpbridge=/usr/bin/nova-dhcpbridgefirewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriverpublic_interface=eth0flat_interface=eth0flat_network_bridge=br100fixed_range=10.0.0.0/24multi_host=true###### NOVNC CONSOLEnovnc_enabled=truenovncproxy_base_url= http://192.168.198.101:6080/vnc_auto.htmlvncserver_proxyclient_address=192.168.198.101vncserver_listen=192.168.198.101########Novalogdir=/var/log/novastate_path=/var/lib/novalock_path=/var/lock/nova#####MISCuse_deprecated_auth=falseroot_helper=sudo nova-rootwrap设置目录权限chown -R nova:nova /etc/nova创建重启nova脚本vim /restart.sh#!/bin/bashfor a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \nova-api nova-objectstore nova-scheduler nova-volume \novncnova-consoleauth; do service "$a" stop; donefor a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \nova-api nova-objectstore nova-scheduler nova-volume \novncnova-consoleauth; do service "$a" start; donebash /restart.sh同步数据库nova-manage db sync创建Fix IPFIX IP，就是分配给虚拟机的实际IP地址。这些数据都会写入数据库nova-manage network create private --fixed_range_v4=10.0.0.0/24 --num_networks=1 --bridge=br100 --bridge_interface=eth0 --network_size=256 –multi_host=T创建floating IP所谓Floating IP，是亚马逊EC2的定义。简单说，就是公网的IP。他其实是通过类似防火墙类似，做一个映射。实际上是通过iptables来实现映射.nova-manage floating create –ip_range=192.168.198.32/27Dashboardapt-get install -ymemcached libapache2-mod-wsgi openstack-dashboardvim /etc/openstack-dashboard/local_settings.pyCACHE_BACKEND = ‘memcached://127.0.0.1:11211/’mysql –u root –pmysql> CREATE DATABASE dash;mysql> GRANT ALL ON dash.* TO 'dash'@'%' IDENTIFIED BY'dashpassword';mysql> quit然后配置local_settings.py或使用manage.py syncdb命令构建数据库vim /etc/openstack-dashboard/local_settings.pyDATABASES = {    'default': {      'ENGINE': 'django.db.backends.mysql',      'NAME': 'dash',      'USER': 'dash',      'PASSWORD': 'dashpassword',      'HOST': '192.168.198.101',      'default-character-set': 'utf8'    },}                更改这些设置连接到Mysql数据库$ /usr/share/openstack-dashboard/manage.py syncdb 如果你不想看到apache的警告，创建下面目录在dashboard下sudo mkdir –p /var/lib/dash/.blackhole重启服务/etc/init.d/apache2 restartsudo restart nova-api计算机节点sudo apt-get install nova-api nova-network nova-compute nova-common nova-compute-kvm python-nova python-novaclient python-keystone python-keystoneclient mysql-clientvim /etc/nova/api-paste.ini admin_tenant_name = serviceadmin_user = novaadmin_password = chenshakevim /etc/nova/nova.conf ##### LOGS/STATE#verbose=Trueverbose=False###### AUTHENTICATIONauth_strategy=keystone###### SCHEDULER#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterSchedulerscheduler_driver=nova.scheduler.simple.SimpleScheduler###### VOLUMESvolume_group=nova-volumesvolume_name_template=volume-%08xiscsi_helper=tgtadm###### DATABASEsql_connection=mysql://nova:novapassword@192.168.198.101/nova###### COMPUTElibvirt_type=kvm#libvirt_type=qemuconnection_type=libvirtinstance_name_template=instance-%08xapi_paste_config=/etc/nova/api-paste.iniallow_resize_to_same_host=Truelibvirt_use_virtio_for_bridges=truestart_guests_on_host_boot=trueresume_guests_state_on_host_boot=true###### APISosapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensionsallow_admin_api=trues3_host=192.168.198.101cc_host=192.168.198.101###### RABBITMQrabbit_host=192.168.198.101###### GLANCEimage_service=nova.image.glance.GlanceImageServiceglance_api_servers=192.168.198.101:9292###### NETWORKnetwork_manager=nova.network.manager.FlatDHCPManagerforce_dhcp_release=Truedhcpbridge_flagfile=/etc/nova/nova.confdhcpbridge=/usr/bin/nova-dhcpbridgefirewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriverpublic_interface=eth0flat_interface=eth0flat_network_bridge=br100fixed_range=10.0.0.0/24multi_host=true###### NOVNC CONSOLEnovnc_enabled=truenovncproxy_base_url= http://192.168.198.101:6080/vnc_auto.htmlvncserver_proxyclient_address=192.168.198.102vncserver_listen=192.168.198.102########Novalogdir=/var/log/novastate_path=/var/lib/novalock_path=/var/lock/nova#####MISCuse_deprecated_auth=falseroot_helper=sudo nova-rootwrapchown -R nova:nova /etc/novavim /restart.sh#!/bin/bashfor a in libvirt-bin nova-networknova-compute \nova-api ; do service "$a" stop; donefor a in libvirt-bin nova-networknova-compute \nova-api ; do service "$a" start; donebash /restart.sh代理节点# apt-get install swift openssh-serverrsync memcached python-netifaces python-xattrpython-memcache
mkdir -p /etc/swiftchown -R swift:swift /etc/swift/创建/etc/swift/swift.conf# random unique string that can neverchange (DO NOT LOSE)swift_hash_path_suffix = ABCabcABC
apt-get install swift-proxy memcached创建SSL自签名证书cd /etc/swiftopenssl req -new -x509 -nodes -out cert.crt-keyout cert.key更改memcached的默认监听接口最好是本地IP不是公网的，在/etc/memcached.conf更改下面行：-l 127.0.0.1to-l <PROXY_LOCAL_NET_IP>重启memcached服务service memcached restart 创建/etc/swift/proxy-server.confbind_port = 8080user = swift
pipeline = catch_errors healthcheck cacheauthtoken keystone proxy-server
use = egg:swift#proxyaccount_autocreate = true
paste.filter_factory =keystone.middleware.swift_auth:filter_factoryoperator_roles = admin, swiftoperator
paste.filter_factory =keystone.middleware.auth_token:filter_factory# Delaying the auth decision is required tosupport token-less# usage for anonymous referrers ('.r:*').delay_auth_decision = trueservice_port = 5000service_host = 192.168.198.101auth_port = 35357auth_host = 192.168.198.101auth_token = adminadmin_token = admin
use = egg:swift#memcacheset log_name = cache
use = egg:swift#catch_errors
use = egg:swift#healthcheck如果运行多个memcached服务，在proxy-server.conf文件中下设置多个IP:porxy监听。cd /etc/swiftswift-ring-builder account.builder create18 1 1swift-ring-builder container.builder create18 1 1swift-ring-builder object.builder create 181 1每个存储设备节点添加以下条目到ring:swift-ring-builder account.builder addz1-192.168.198.103:6002/sda5 100swift-ring-builder container.builder addz1-192.168.198.103:6001/sda5 100swift-ring-builder object.builder add z1-192.168.198.103:6000/sda5100swift-ring-builder account.builderswift-ring-builder container.builderswift-ring-builder object.builderswift-ring-builder account.builderrebalanceswift-ring-builder container.builderrebalanceswift-ring-builder object.builder rebalance复制account.ring.gz, container.ring.gz, object.ring.gz文件到每一个代理和存储节点的/etc/swift下确保所有配置文件swift用户都有权限chown –Rswift:swift /etc/swift启动代理服务swift-init proxy start重新启动存储节点服务swift-init main start swift-init rest start

存储节点
# apt-get install swift openssh-serverrsync memcached python-netifaces python-xattrpython-memcache
mkdir -p /etc/swiftchown -R swift:swift /etc/swift/创建/etc/swift/swift.conf# random unique string that can neverchange (DO NOT LOSE)swift_hash_path_suffix = ABCabcABC
apt-get install swift-account swift-container swift-object xfsprogs对所有节点设备设置XFS卷（/dev/sdb是这里的实例）fdisk /dev/sda (set up a single partition)mkfs.xfs -i size=1024 /dev/sdbaecho "/dev/sda3 /srv/node/sda5 xfsnoatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstabmkdir -p /srv/node/sda5mount /srv/node/sda5chown -R swift:swift /srv/node创建/etc/rsyncd.confuid = swiftgid = swiftlog file = /var/log/rsyncd.logpid file = /var/run/rsyncd.pidaddress = 192.168.198.103
max connections = 2path = /srv/node/read only = falselock file = /var/lock/account.lock
max connections = 2path = /srv/node/read only = falselock file = /var/lock/container.lock
max connections = 2path = /srv/node/read only = falselock file = /var/lock/object.lock编辑/etc/default/rsync中下面的行RSYNC_ENABLE = true启动rsyncservice rsync start创建/etc/swift/account-server.confbind_ip = 192.168.198.103workers = 2
pipeline = account-server
use = egg:swift#account


创建/etc/swift/container-server.confbind_ip = 192.168.198.103workers = 2
pipeline = container-server
use = egg:swift#container




创建/etc/swift/object-server.confbind_ip = 192.168.198.103workers = 2
pipeline = object-server
use = egg:swift#object



启动存储服务swift-initobject-server startswift-init object-replicator startswift-init object-updater startswift-init object-auditor startswift-init container-server startswift-init container-replicatorstartswift-init container-updater startswift-init container-auditor startswift-init account-server startswift-init account-replicator startswift-init account-auditor start
Windows2008
这里windows2008我采用qcow2格式来制作镜像，流程和centos类似

用kvm-img创建一个10G大小的镜像文件：
kvm-img create -f qcow2 win2008.img 10G

因为windows没有默认的virtio驱动，所以先下载
wgethttp://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/virtio-win-0.1-15.iso
wget http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/virtio-win-1.1.16.vfd

启动kvm，映射驱动vfd到软盘A
kvm -m 1024 -cdrom en_windows_server_2008_r2_dvd.iso -drivefile=win2008.img,if=virtio,boot=on -fda virtio-win-1.1.16.vfd -boot d-nographic -vnc :1
用vnc访问安装，在安装的时候需要选择一下硬盘驱动，安装好以后，停掉虚拟机，重新用以下命令启动
kvm -m 1024 -drive file=win2008.img,if=virtio,boot=on -cdromvirtio-win-0.1-15.iso -net nic,model=virtio -net user -boot c -nographic -vnc:1
再用vnc访问，应该会提示自动安装好了virtio的网卡驱动

用glance添加这个镜像，指定格式为qcow2
glance add -A your_glance_token name="win2008" is_public=true disk_format=qcow2< win2008.img

这样就完成了


完成镜像以后，我们还可以在securitygroup里面添加3389和22端口，这样能够允许rdp和ssh访问对应的

191145685 发表于 2013-6-21 09:10:55

路过，学习下

喜旎果 发表于 2013-6-21 09:20:11

修养的艺术,其实就是说谎的艺术。

314598340 发表于 2013-6-21 09:21:49

穿别人的鞋，走自己的路，让他们找去吧。

上都海奶茶馆 发表于 2013-6-21 10:12:09

女，喜甜食，甚胖!该女有一癖好：痛恨蚂蚁，见必杀之。问其故曰：这小东西，那么爱吃甜食，腰还那么细!

liyeho 发表于 2013-6-21 10:26:42

长大了娶唐僧做老公，能玩就玩一玩，不能玩就把他吃掉。

-★出爺;3 发表于 2013-6-21 10:30:05

勃起不是万能的，但不能勃起却是万万都不能的!

查看完整版本: Ubuntu 12.04 安装 Openstack