
[Experience sharing] Complete OpenStack installation and configuration

Posted on 2016-1-9 07:16:13
  
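  1. Install Ubuntu
  ubuntu-12.04-server-amd64.iso
  Configure the network; the current network address is assumed to be 192.168.0.47
  Hardware: Dell R610
  The R610 hardware supports KVM. Before installing, enable it in the BIOS setup as follows:
  PROCESS ... => VIRTUALIZATION TECHNOLOGY => ENABLE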
  
  2. Install and configure OpenStack


2.1 System preparation
2.1.1 Update Ubuntu
sudo apt-get update
2.1.2 Install ntp
apt-get install ntp
Configure /etc/ntp.conf
Below the line "server ntp.ubuntu.com iburst", add:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
Restart:
service ntp restart
2.1.2 Install tgt, iSCSI and bridge-utils
apt-get install tgt
service tgt start
apt-get install open-iscsi open-iscsi-utils
apt-get install bridge-utils
/etc/init.d/networking restart
2.1.3 Install RabbitMQ
apt-get install rabbitmq-server memcached python-memcache
2.1.4 Install KVM
apt-get install kvm libvirt-bin
Test with kvm-ok; the expected output is:
INFO: /dev/kvm exists
KVM acceleration can be used
See "OpenStack installation problems".
2.2 Install MySQL, create the databases and users
apt-get install -y mysql-server python-mysqldb
Edit the configuration file /etc/mysql/my.cnf
[client]
default-character-set=utf8
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
Change bind-address = 127.0.0.1 to bind-address = 0.0.0.0
Restart:
service mysql restart
Create the databases and grants:
mysql -u root
# Create the nova database
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%'   IDENTIFIED BY 'pwd123456';
# Create the glance database
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%' IDENTIFIED BY 'pwd123456';
# Create the keystone database
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%' IDENTIFIED BY 'pwd123456';
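A variant of the statements above with one random password per account and the account host limited to a single address instead of '%', as an added example that is not part of the original post. gen_password and gen_grants are hypothetical helper names, and using 192.168.0.47 as the client address assumes the single-node layout of this guide.

```bash
#!/bin/bash
# Added example (not from the original post): generate the statements from
# section 2.2 with one random password per account and the host part of each
# account limited to one client address instead of '%'.

# 16 random bytes as 32 hex characters: safe inside SQL quotes and in the
# mysql:// connection strings used later in the guide.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# $1 = address the services connect from, $2 = address MySQL listens on.
# Both are 192.168.0.47 on the single-node layout (assumption of this example).
gen_grants() {
    local client="$1" server="$2" svc pw
    for svc in nova glance keystone; do
        pw=$(gen_password)
        printf "CREATE DATABASE %s;\n" "$svc"
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%sdbadmin'@'%s' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$client" "$pw"
        # Matching connection string for that service's configuration file,
        # emitted as an SQL comment so the output can still be piped to mysql.
        printf '%s\n' "-- mysql://${svc}dbadmin:${pw}@${server}/${svc}"
    done
}

gen_grants 192.168.0.47 192.168.0.47
```

The connection strings printed as SQL comments replace the pwd123456 values in keystone.conf, glance-registry.conf and nova.conf.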
2.3 Install and configure Keystone
2.3.1 Install
apt-get install keystone python-keystone python-mysqldb python-keystoneclient
2.3.2 Configure /etc/keystone/keystone.conf
[sql]
connection = mysql://keystonedbadmin:pwd123456@192.168.0.47/keystone
idle_timeout = 200
2.3.3 Restart keystone
service keystone restart
2.3.4 Initialize the keystone database
keystone-manage db_sync
2.3.5 Create gen_keystone_data.sh
The file contents are as follows:
#!/bin/bash
#
# Initial data for Keystone using python-keystoneclient
#
# Tenant               User      Roles
# ------------------------------------------------------------------
# admin                admin     admin
# service              glance    admin
# service              nova      admin, [ResellerAdmin (swift only)]
# service              quantum   admin        # if enabled
# service              swift     admin        # if enabled
# demo                 admin     admin
# demo                 demo      Member, anotherrole
# invisible_to_admin   demo      Member
#
# Variables set before calling this script:
# SERVICE_TOKEN - aka admin_token in keystone.conf
# SERVICE_ENDPOINT - local Keystone admin endpoint
# SERVICE_TENANT_NAME - name of tenant containing service accounts
# ENABLED_SERVICES - stack.sh's list of services to start
# DEVSTACK_DIR - Top-level DevStack directory
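## To run the script: if you changed the default user name and password, edit the script in two places.
## The first is the password pwd123456 used to log in to the dashboard
## The second is the keystone token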
ADMIN_PASSWORD=${ADMIN_PASSWORD:-pwd123456}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
## #export SERVICE_TOKEN="hastexo"
export SERVICE_TOKEN="netqin"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
function get_id () {
    echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)

# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
    --pass="$ADMIN_PASSWORD" \
    --email=admin@hastexo.com)
DEMO_USER=$(get_id keystone user-create --name=demo \
    --pass="$ADMIN_PASSWORD" \
    --email=demo@hastexo.com)

# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)

# Add Roles to Users in Tenants
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT
# TODO(termie): these two might be dubious
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT

# The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT

# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova \
    --pass="$SERVICE_PASSWORD" \
    --tenant_id $SERVICE_TENANT \
    --email=nova@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
    --user $NOVA_USER \
    --role $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance \
    --pass="$SERVICE_PASSWORD" \
    --tenant_id $SERVICE_TENANT \
    --email=glance@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
    --user $GLANCE_USER \
    --role $ADMIN_ROLE
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
    SWIFT_USER=$(get_id keystone user-create --name=swift \
        --pass="$SERVICE_PASSWORD" \
        --tenant_id $SERVICE_TENANT \
        --email=swift@hastexo.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
        --user $SWIFT_USER \
        --role $ADMIN_ROLE
    # Nova needs ResellerAdmin role to download images when accessing
    # swift through the s3 api. The admin role in swift allows a user
    # to act as an admin for their tenant, but ResellerAdmin is needed
    # for a user to act as any tenant. The name of this role is also
    # configurable in swift-proxy.conf
    RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
        --user $NOVA_USER \
        --role $RESELLER_ROLE
fi
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
    QUANTUM_USER=$(get_id keystone user-create --name=quantum \
        --pass="$SERVICE_PASSWORD" \
        --tenant_id $SERVICE_TENANT \
        --email=quantum@hastexo.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
        --user $QUANTUM_USER \
        --role $ADMIN_ROLE
fi
Run the file:
chmod +x gen_keystone_data.sh
./gen_keystone_data.sh  
##  If it runs successfully, it prints nothing
##  #echo $?
##  This prints 0, which means success. Do not run the script again after that
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 user-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 role-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 tenant-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 service-list
##  keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 endpoint-list
##  curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "pwd123456"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens|python -mjson.tool
##  If you see these, keystone is installed correctly.
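The get_id helper in the script returns an empty string when the keystone call fails, and the script then carries on with empty IDs. A stricter variant, as an added example that is not part of the original script; get_id_strict is a hypothetical name, and the stand-in keystone function with its sample table and error message is constructed so the example runs offline:

```bash
#!/bin/bash
# Added example (not from the original script): a get_id that stops on errors.
# Runs the given command, extracts the "id" row of the table it prints, and
# returns non-zero with a message on stderr when the command fails or when
# no id comes back.
get_id_strict() {
    local out id
    if ! out=$("$@" 2>&1); then
        echo "command failed: $*: $out" >&2
        return 1
    fi
    id=$(printf '%s\n' "$out" | awk '$2 == "id" { print $4 }')
    if [ -z "$id" ]; then
        echo "no id row in output of: $*" >&2
        return 1
    fi
    printf '%s\n' "$id"
}

# Constructed stand-in for the keystone CLI. It prints a property table in
# the layout the awk pattern expects and fails when SERVICE_TOKEN is unset.
keystone() {
    if [ -z "${SERVICE_TOKEN:-}" ]; then
        echo "constructed error: no token" >&2
        return 1
    fi
    cat <<'EOF'
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| enabled  | True                             |
| id       | 0123456789abcdef0123456789abcdef |
| name     | admin                            |
+----------+----------------------------------+
EOF
}

SERVICE_TOKEN="netqin"
# Abort at the first tenant that cannot be created instead of continuing.
ADMIN_TENANT=$(get_id_strict keystone tenant-create --name=admin) || exit 1
echo "ADMIN_TENANT=$ADMIN_TENANT"
```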
2.3.6 Set environment variables
Edit /etc/profile and add the following:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=pwd123456
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
export CREDS=$(keystone ec2-credentials-create)
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
Apply immediately:
# source /etc/profile
Check:
# export | grep OS_
Run directly:
# keystone user-list
2.4 Install and configure glance
2.4.1 Install
apt-get install glance glance-api glance-client glance-common glance-registry python-glance
2.4.2 Configure
2.4.2.1 Configure /etc/glance/glance-api-paste.ini
## Edit the last 3 lines of the file; these values were all set when the data was imported into keystone.
sed -i -e "  
s/%SERVICE_TENANT_NAME%/admin/g;  
s/%SERVICE_USER%/admin/g;  
s/%SERVICE_PASSWORD%/pwd123456/g;  
" /etc/glance/glance-api-paste.ini
2.4.2.2 Configure /etc/glance/glance-registry-paste.ini
sed -i -e "  
s/%SERVICE_TENANT_NAME%/admin/g;  
s/%SERVICE_USER%/admin/g;  
s/%SERVICE_PASSWORD%/pwd123456/g;  
" /etc/glance/glance-registry-paste.ini        
2.4.2.3 Configure /etc/glance/glance-registry.conf
## Change:
## #sql_connection = sqlite:////var/lib/glance/glance.sqlite  
## sql_connection = mysql://glancedbadmin:pwd123456@192.168.0.47/glance
Add these 2 lines at the end:
[paste_deploy]
flavor = keystone  
2.4.2.4 Configure /etc/glance/glance-api.conf
Add these 2 lines at the end:
[paste_deploy]
flavor = keystone
2.4.3 Initialize the glance database
glance-manage version_control 0
glance-manage db_sync
2.4.4 Restart
service glance-api restart && service glance-registry restart
2.4.5 Verify glance
glance index
2.4.6 Set up images
2.4.6.1 Add ubuntu-12.04-server-cloudimg-amd64-disk1.img
wget http://uec-images.ubuntu.com/releases/12.04/release/ubuntu-12.04-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ubuntu-12.04-server-cloudimg-amd64-disk1.img
2.4.6.2 Add precise-server-cloudimg-amd64-disk1.img
wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu12.04-amd64" is_public=true container_format=ovf disk_format=qcow2 < precise-server-cloudimg-amd64-disk1.img
2.4.6.3 Verify glance
glance index
2.5 Install and configure nova
2.5.1 Install
apt-get install nova-api nova-cert nova-common nova-compute nova-compute-kvm nova-doc nova-network nova-objectstore nova-scheduler nova-volume nova-consoleauth novnc python-nova python-novaclient
2.5.2 Configure /etc/nova/nova.conf
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=192.168.0.47
--ec2_host=192.168.0.47
--rabbit_host=192.168.0.47
--cc_host=192.168.0.47
--nova_url=http://192.168.0.47:8774/v1.1/
--routing_source_ip=192.168.0.47
--glance_api_servers=192.168.0.47:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.120
--sql_connection=mysql://novadbadmin:pwd123456@192.168.0.47/nova
--ec2_url=http://192.168.0.47:8773/services/Cloud
--keystone_ec2_url=http://192.168.0.47:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
# libvirt_type=kvm corresponds to /etc/nova/nova-compute.conf
--libvirt_type=kvm
#--libvirt_type=qemu
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
--novnc_enable=true
--novncproxy_base_url=http://192.168.0.47:6080/vnc_auto.html
--vncserver_proxyclient_address=127.0.0.1
--vncserver_listen=127.0.0.1
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br0
--floating_range=10.0.0.128/25
--flat_injected=False
--force_dhcp_release=true
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose=False
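Notes:
192.168.0.47 is the IP of the current machine
floating_range is the virtual IP range for the VMs
iscsi_ip_prefix is the IP range that corresponds to the VMs
flat_interface is the network interface to use
flat_network_bridge is the bridge to use
2.5.3 Start, stop and restart nova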
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" stop; done
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" start; done
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" restart; done
2.5.4 Initialize the nova database
nova-manage db sync
2.5.5 Configure the network for the VMs
The command is as follows:
nova-manage network create private --fixed_range_v4=192.168.120.100/25 --num_networks=1 --bridge=br0 --bridge_interface=eth1 --network_size=128
The parameters used are:
--fixed_range_v4=192.168.120.100/25
--bridge=br0
--bridge_interface=eth1
--network_size=128
chown -R nova:nova /etc/nova
Create the floating IPs:
nova-manage floating create --ip_range=10.0.0.128/25
2.5.6 Create a VM flavor
You can define a custom flavor as needed:
# nova-manage flavor create --name=m1.minitest --memory=384 --cpu=1 --root_gb=1 --flavor=6 --ephemeral_gb=1  
2.5.7 Check
nova list
nova image-list
2.6 Create a VM
2.6.1 Check whether ~/.ssh/id_rsa.pub exists
If it does not, generate it:
ssh-keygen -t rsa
Generating public/private rsa key pair
Enter file in which to save the key (/root/.ssh/id_rsa): /home/user/.ssh/id_rsa
Enter passphrase (empty for no passphrase):******
Enter same passphrase again: ******
/home/user/.ssh/id_rsa.pub
2.6.2 Add the public key
nova keypair-add --pub_key ~/.ssh/id_rsa.pub key1
2.6.3 Create a VM from an image
nova list
nova image-list
nova flavor-list
nova boot --flavor 1 --image f13d2626-5873-484f-957f-6945860afba4 --key_name key1 could01
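Notes:
--flavor 1 selects the VM configuration
--image f13d2626-5873-484f-957f-6945860afba4 is the image ID
--key_name key1 uses the public key key1
could01 is the name of the instance that is created
2.6.4 Configure the firewall
The hastexo configuration is as follows: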
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
To open everything:
nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0  
nova secgroup-add-rule default udp 1 65535 0.0.0.0/0  
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
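The difference between the two rule sets above, as an added example that is not part of the original post: a hypothetical helper audit_secgroup_rules reads secgroup-add-rule command lines and reports those that open a port range to every source address. The MAX_PORTS threshold is an assumption of the example; the rule lines are the ones from this section.

```bash
#!/bin/bash
# Added example (not from the original post): review secgroup-add-rule lines
# before they are run. A rule is reported when it opens more than MAX_PORTS
# TCP/UDP ports to every source address (0.0.0.0/0).
# Reads command lines on stdin; the exit status is the number of findings.
audit_secgroup_rules() {
    awk -v max="${MAX_PORTS:-1}" '
        $1 == "nova" && $2 == "secgroup-add-rule" {
            group = $3; proto = $4; from = $5; to = $6; cidr = $7
            if (cidr != "0.0.0.0/0") next   # source already restricted
            if (proto == "icmp") next       # -1 -1 is type/code, not ports
            width = to - from + 1
            if (width > max) {
                printf "%s: %s %d-%d open to %s (%d ports)\n",
                       group, proto, from, to, cidr, width
                findings++
            }
        }
        END { exit findings + 0 }
    '
}

# The two rule sets from section 2.6.4.
HASTEXO_RULES='nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0'
OPEN_RULES='nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0
nova secgroup-add-rule default udp 1 65535 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0'

printf '%s\n' "$HASTEXO_RULES" | audit_secgroup_rules && echo "hastexo set: no findings"
printf '%s\n' "$OPEN_RULES" | audit_secgroup_rules || echo "open set: $? finding(s)"
```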
2.6.5 View the VM
nova show $id
$id is the ID of the VM
2.6.6 Assign a floating IP
nova floating-ip-create
This shows the floating IP that was generated
nova add-floating-ip $id $ip
eg:
nova add-floating-ip ee4bdc5b-bf36-4f08-9dd0-7bc1d199bea4 10.0.0.129
$id is the ID of the VM
2.6.7 Log in to the VM
ssh -i ~/.ssh/id_rsa ubuntu@10.0.0.129
Enter the password: pwd123456
2.7 Install and configure openstack-dashboard
2.7.1 Install
apt-get install apache2 libapache2-mod-wsgi openstack-dashboard
2.7.2 Configure /etc/openstack-dashboard/local_settings.py
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
2.7.3 Restart apache2
service apache2 restart
2.7.4 Access
http://192.168.0.47
user:admin
pwd:pwd123456
2.7.5 view & manage  
nova list  
nova show could01
2.8 Configure nova-volume
2.8.1 Create a volume
nova volume-create --display_name "volume1" 1
2.8.2 Attach it to the VM
nova volume-attach could01 1 /dev/vdb
2.8.3 View
nova volume-list
2.9 Installation complete
SUCCESS!
   
  
  3. References:
  Official OpenStack site
  www.openstack.org
  Chinese OpenStack community
  www.openstack.org.cn
  Chinese technical blog: 陈沙克
  http://hi.baidu.com/chenshake
  OpenStack architecture
  http://blog.csdn.net/anghlq/article/details/6543880
  Installing OpenStack on Ubuntu 12.04 (starter guide)
  http://docs.openstack.org/essex/openstack-compute/starter/content/
  Installing OpenStack Essex (2012.1) on Ubuntu 12.04 ("Precise Pangolin") (original article)
  http://www.hastexo.com/resources/docs/installing-openstack-essex-20121-ubuntu-1204-precise-pangolin
  "OpenStack Documentation" team (documentation, bug reports)
  https://launchpad.net/~openstack-doc
  OpenStack topic on Quora
  http://www.quora.com/OpenStack
  Stack Overflow discussion of OpenStack resources
  http://stackoverflow.com/questions/5882333/good-tutorials-and-resources-for-openstack
  hastexo installation and configuration
  http://www.hastexo.com/resources/docs/installing-openstack-essex-20121-ubuntu-1204-precise-pangolin
  Installation and configuration
  http://blog.csdn.net/hilyoo/article/details/7696169
  OpenStack online documentation
  http://docs.openstack.org
