OpenStack完整安装配置

搜诶符合你

　　
　　1. 安装ubuntu
　　ubuntu-12.04-server-amd64.iso
　　配置网络环境，当前网络地址假定为192.168.0.47
　　硬件环境dell r610
　　r610硬件支持KVM，在安装前需打开BIOS设置，具体设置如下：
　　PROCESS ... => VIRTUALIZATION  TECHNOLOGY => ENABLE 
　　
　　2. 安装配置OpenStack

       2.1：系统准备
2.1.1 更新ubuntu
sudo apt-get update
2.1.2 安装ntp
apt-get install ntp
配置/etc/ntp.conf
在server ntp.ubuntu.com iburst下面加
server 127.127.1.0
fudge 127.127.1.0 stratum 10
重启
service ntp restart
2.1.2 安装tgt、iscsi 、bridge-utils
apt-get install tgt
service tgt start
apt-get install open-iscsi open-iscsi-utils
apt-get install bridge-utils
/etc/init.d/networking restart
2.1.3 安装RabbitMQ
apt-get install rabbitmq-server memcached python-memcache
2.1.4 安装kvm
apt-get install kvm libvirt-bin
测试kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used
参考《openstack安装问题》
2.2 安装Mysql、创建数据库和用户
apt-get install -y mysql-server python-mysqldb
修改配置文件/etc/mysql/my.conf
[client]
default-character-set=utf8
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
bind-address = 127.0.0.1=>bind-address = 0.0.0.0
重启
service mysql restart
创建库表
mysql -u root
#创建nova的数据库
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%'   IDENTIFIED BY 'pwd123456';
#创建glance的数据库
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%' IDENTIFIED BY 'pwd123456';
#创建keystone的数据库
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%' IDENTIFIED BY 'pwd123456';
2.3 安装配置Keystone
2.3.1 安装
apt-get install keystone python-keystone python-mysqldb python-keystoneclient
2.3.2 配置/etc/keystone/keystone.conf
[sql]
connection = mysql://keystonedbadmin:pwd123456@192.168.0.47/keystone
idle_timeout = 200
2.3.3 重启keystone
service keystone restart
2.3.4 初始化keystone的数据库
keystone-manage db_sync
2.3.5 创建gen_keystone_data.sh
文件内容如下：
#!/bin/bash
#
# Initial data for Keystone using python-keystoneclient
#
# Tenant               User      Roles
# ------------------------------------------------------------------
# admin                admin     admin
# service              glance    admin
# service              nova      admin, [ResellerAdmin (swift only)]
# service              quantum   admin        # if enabled
# service              swift     admin        # if enabled
# demo                 admin     admin
# demo                 demo      Member, anotherrole
# invisible_to_admin   demo      Member
#
# Variables set before calling this script:
# SERVICE_TOKEN - aka admin_token in keystone.conf
# SERVICE_ENDPOINT - local Keystone admin endpoint
# SERVICE_TENANT_NAME - name of tenant containing service accounts
# ENABLED_SERVICES - stack.sh's list of services to start
# DEVSTACK_DIR - Top-level DevStack directory
## 运行脚本, 如果你修改的默认的用户名和密码，你需要修改脚本。修改两个地方
## 第一个是登录dashboard的pwd123456的密码  
## 第二个就是keystone的token
ADMIN_PASSWORD=${ADMIN_PASSWORD:-pwd123456}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
## #export SERVICE_TOKEN="hastexo"
export SERVICE_TOKEN="netqin"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
function get_id () {
echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)

# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
--pass="$ADMIN_PASSWORD" \
--email=admin@hastexo.com)
DEMO_USER=$(get_id keystone user-create --name=demo \
--pass="$ADMIN_PASSWORD" \
--email=demo@hastexo.com)

# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)

# Add Roles to Users in Tenants
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT
# TODO(termie): these two might be dubious
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT

# The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT

# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=nova@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $NOVA_USER \
--role $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=glance@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $GLANCE_USER \
--role $ADMIN_ROLE
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
SWIFT_USER=$(get_id keystone user-create --name=swift \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=swift@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $SWIFT_USER \
--role $ADMIN_ROLE
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api. The admin role in swift allows a user
# to act as an admin for their tenant, but ResellerAdmin is needed
# for a user to act as any tenant. The name of this role is also
# configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $NOVA_USER \
--role $RESELLER_ROLE
fi
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
QUANTUM_USER=$(get_id keystone user-create --name=quantum \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=quantum@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $QUANTUM_USER \
--role $ADMIN_ROLE
fi
执行文件
chmod +x gen_keystone_data.sh
./gen_keystone_data.sh  
##  顺利运行，会什么都没有输出  
##  #echo $?  
##  下面会输出0 ，表示正常。你就别再运行脚本  
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 user-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 role-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 tenant-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 service-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 endpoint-list
##  curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "pwd123456"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens|python -mjson.tool
##  看到这些，就说明keystone安装正常。  
2.3.6 修改环境变量
/etc/profile
添加如下：
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=pwd123456
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
export CREDS=$(keystone ec2-credentials-create)
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
立即启用
# source /etc/profile
查看：
# export | grep OS_
直接运行：
# keystone user-list
2.4 安装和配置glance
2.4.1 安装
apt-get install glance glance-api glance-client glance-common glance-registry python-glance
2.4.2 配置
2.4.2.1 配置/etc/glance/glance-api-paste.ini
## 修改文件最后3行，这些设置都是keystone导入数据的时候设置的。  
sed -i -e "  
s/%SERVICE_TENANT_NAME%/admin/g;  
s/%SERVICE_USER%/admin/g;  
s/%SERVICE_PASSWORD%/pwd123456/g;  
" /etc/glance/glance-api-paste.ini
2.4.2.2 配置/etc/glance/glance-registry-paste.ini
sed -i -e "  
s/%SERVICE_TENANT_NAME%/admin/g;  
s/%SERVICE_USER%/admin/g;  
s/%SERVICE_PASSWORD%/pwd123456/g;  
" /etc/glance/glance-registry-paste.ini        
2.4.2.3 配置/etc/glance/glance-registry.conf
## 修改  
## #sql_connection = sqlite:////var/lib/glance/glance.sqlite  
## sql_connection = mysql://glancedbadmin:pwd123456@192.168.0.47/glance
在末尾添加2行
[paste_deploy]
flavor = keystone  
2.4.2.4 配置/etc/glance/glance-api.conf
在末尾添加2行
[paste_deploy]
flavor = keystone
2.4.3 初始化glance数据库
glance-manage version_control 0
glance-manage db_sync
2.4.4 重启
service glance-api restart && service glance-registry restart
2.4.5 验证glance
glance index
2.4.6 配置镜像
2.4.6.1 配置ubuntu-12.04-server-cloudimg-amd64-disk1.img
wget http://uec-images.ubuntu.com/releases/12.04/release/ubuntu-12.04-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ubuntu-12.04-server-cloudimg-amd64-disk1.img
2.4.6.2 配置precise-server-cloudimg-amd64-disk1.img  
get http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img  
glance add name="Ubuntu12.04-amd64" is_public=true container_format=ovf disk_format=qcow2 < precise-server-cloudimg-amd64-disk1.img
2.4.6.3 验证glance
glance index
2.5 安装配置nova
2.5.1 安装
apt-get install nova-api nova-cert nova-common nova-compute nova-compute-kvm nova-doc nova-network nova-objectstore nova-scheduler nova-volume nova-consoleauth novnc python-nova python-novaclient
2.5.2 配置 /etc/nova/nova.conf
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=192.168.0.47
--ec2_host=192.168.0.47
--rabbit_host=192.168.0.47
--cc_host=192.168.0.47
--nova_url=http://192.168.0.47:8774/v1.1/
--routing_source_ip=192.168.0.47
--glance_api_servers=192.168.0.47:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.120
--sql_connection=mysql://novadbadmin:nq123456@192.168.0.47/nova
--ec2_url=http://192.168.0.47:8773/services/Cloud
--keystone_ec2_url=http://192.168.0.47:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
# libvirt_type=kvm 对应 /etc/nova/nova-compute.conf
--libvirt_type=kvm
#--libvirt_type=qemu
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
--novnc_enable=true
--novncproxy_base_url=http://192.168.0.47:6080/vnc_auto.html
--vncserver_proxyclient_address=127.0.0.1
--vncserver_listen=127.0.0.1
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br0
--floating_range=10.0.0.128/25
--flat_injected=False
--force_dhcp_release=true
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose=False
说明：
192.168.0.47 是当前机器的IP
floating_range 为VM的虚拟IP
iscsi_ip_prefix VM对应IP段
flat_interface 对应哪一个网卡
flat_network_bridge 对应哪一个网桥
2.5.3 启动、停止、重启nova
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" stop; done
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" start; done
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" restart; done
2.5.4 初始化nova数据库
nova-manage db sync
2.5.5 配置network给VMs
配置命令如下：
nova-manage network create private --fixed_range_v4=192.168.120.100/25 --num_networks=1 --bridge=br0 --bridge_interface=eth1 --network_size=128
使用情况如下：
--fixed_range_v4=192.168.120.100/25
--bridge=br0
--bridge_interface=eth
--network_size=128
chown -R nova:nova /etc/nova
创建浮点IP
nova-manage floating create --ip_range=10.0.0.128/25
2.5.6 创建虚拟机flavor
可以根据需求自定义flavor
# nova-manage flavor create --name=m1.minitest --memory=384 --cpu=1 --root_gb=1 --flavor=6 --ephemeral_gb=1  
2.5.7 检查
nova list
nova image-list
2.6 创建VM
2.6.1 查看是否有~/.ssh/id_rsa.pub文件
没有就生成：
ssh-keygen -t rsa
Generating public/private rsa key pair
Enter file in which to save the key (/root/.ssh/id_rsa): /home/user/.ssh/id_rsa
Enter passphrase (empty for no passphrase):******
Enter same passphrase again: ******
/home/user/.ssh/id_rsa.pub
2.6.2 创建公钥
nova keypair-add --pub_key ~/.ssh/id_rsa.pub key1
2.6.3 根据镜像创建VM
nova list
nova image-list
nova flavor-list
nova boot --flavor 1 --image f13d2626-5873-484f-957f-6945860afba4 --key_name key1 could01
说明：
--flavor 1 选择vm配置
--image f13d2626-5873-484f-957f-6945860afba4 镜像id
--key_name key1 公钥为key1
could01 生成的Intance为could01
2.6.4 配置防火墙
hastexo配置如下：
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
全开如下：
nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0  
nova secgroup-add-rule default udp 1 65535 0.0.0.0/0  
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
2.6.5 查看vm
nova show $id
$id 是vm的id
2.6.6 配置虚拟ip
nova floating-ip-create
显示生成的浮点ip
nova add-floating-ip $id $ip
eg:
nova add-floating-ip ee4bdc5b-bf36-4f08-9dd0-7bc1d199bea4 10.0.0.129
$id 是vm的id
2.6.7 登录vm
ssh -i ~/.ssh/id_rsa ubuntu@10.0.0.129
输入密码：pwd123456
2.7 openstack-dashboard安装配置
2.7.1 安装
apt-get install apache2 libapache2-mod-wsgi openstack-dashboard
2.7.2 配置/etc/openstack-dashboard/local_settings.py
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
2.7.3 重启apache2
service apache2 restart
2.7.4 访问
http://192.168.0.47
user:admin
pwd:pwd123456
2.7.5 view & manage  
nova list  
nova show cloud01
2.8 配置nova-volume
2.8.1 创建volume
nova volume-create --display_name "volume1" 1
2.8.2 配置给Vm
nova volume-attach could01 1 /dev/vdb
2.8.3 查看
nova volume-list
2.9  安装结束
SUCCESS！
 　　
　　
　　3. 参考地址：
　　官方OpenStack
　　www.openstack.org
　　国内OpenStack社区
　　www.openstack.org.cn
　　国内技术博客-陈沙克
　　http://hi.baidu.com/chenshake
　　OpenStack 架构  
　　http://blog.csdn.net/anghlq/article/details/6543880
　　Ubuntu12.04安装OpenStack文档（入门指南）
　　http://docs.openstack.org/essex/openstack-compute/starter/content/
　　Installing OpenStack Essex (2012.1) on Ubuntu 12.04 ("Precise Pangolin")（原文）
　　http://www.hastexo.com/resources/docs/installing-openstack-essex-20121-ubuntu-1204-precise-pangolin 
　　“OpenStack Documentation”team（文档、bug报告）
　　https://launchpad.net/~openstack-doc
　　Quora上关于openstack的话题
　　http://www.quora.com/OpenStack
　　stackoverflow上关于openstack资源的讨论
　　http://stackoverflow.com/questions/5882333/good-tutorials-and-resources-for-openstack
　　hastexo安装配置
　　http://www.hastexo.com/resources/docs/installing-openstack-essex-20121-ubuntu-1204-precise-pangolin
　　安装配置
　　http://blog.csdn.net/hilyoo/article/details/7696169
　　OpenStack在线文档
　　http://docs.openstack.org