# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
# The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=nova@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $NOVA_USER \
--role $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=glance@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $GLANCE_USER \
--role $ADMIN_ROLE
if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
SWIFT_USER=$(get_id keystone user-create --name=swift \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=swift@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $SWIFT_USER \
--role $ADMIN_ROLE
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api. The admin role in swift allows a user
# to act as an admin for their tenant, but ResellerAdmin is needed
# for a user to act as any tenant. The name of this role is also
# configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $NOVA_USER \
--role $RESELLER_ROLE
fi
if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
QUANTUM_USER=$(get_id keystone user-create --name=quantum \
--pass="$SERVICE_PASSWORD" \
--tenant_id $SERVICE_TENANT \
--email=quantum@hastexo.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user $QUANTUM_USER \
--role $ADMIN_ROLE
fi
执行文件
chmod +x gen_keystone_data.sh
./gen_keystone_data.sh
## 顺利运行,会什么都没有输出
## #echo $?
## 下面会输出0 ,表示正常。你就别再运行脚本
## keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 user-list
## keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 role-list
## keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 tenant-list
## keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 service-list
## keystone --token netqin --endpoint http://192.168.0.47:35357/v2.0 endpoint-list
## curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "pwd123456"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens|python -mjson.tool
## 看到这些,就说明keystone安装正常。
2.3.6 修改环境变量
/etc/profile
添加如下:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=pwd123456
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export EC2_URL=$(keystone catalog --service ec2 | awk '/ publicURL / { print $4 }')
export CREDS=$(keystone ec2-credentials-create)
export EC2_ACCESS_KEY=$(echo "$CREDS" | awk '/ access / { print $4 }')
export EC2_SECRET_KEY=$(echo "$CREDS" | awk '/ secret / { print $4 }')
立即启用
# source /etc/profile
查看:
# export | grep OS_
直接运行:
# keystone user-list
2.4 安装和配置glance
2.4.1 安装
apt-get install glance glance-api glance-client glance-common glance-registry python-glance
2.4.2 配置
2.4.2.1 配置/etc/glance/glance-api-paste.ini
## 修改文件最后3行,这些设置都是keystone导入数据的时候设置的。
sed -i -e "
s/%SERVICE_TENANT_NAME%/admin/g;
s/%SERVICE_USER%/admin/g;
s/%SERVICE_PASSWORD%/pwd123456/g;
" /etc/glance/glance-api-paste.ini
2.4.2.2 配置/etc/glance/glance-registry-paste.ini
sed -i -e "
s/%SERVICE_TENANT_NAME%/admin/g;
s/%SERVICE_USER%/admin/g;
s/%SERVICE_PASSWORD%/pwd123456/g;
" /etc/glance/glance-registry-paste.ini
2.4.2.3 配置/etc/glance/glance-registry.conf
## 修改
## #sql_connection = sqlite:////var/lib/glance/glance.sqlite
## sql_connection = mysql://glancedbadmin:pwd123456@192.168.0.47/glance
在末尾添加2行
[paste_deploy]
flavor = keystone
2.4.2.4 配置/etc/glance/glance-api.conf
在末尾添加2行
[paste_deploy]
flavor = keystone
2.4.3 初始化glance数据库
glance-manage version_control 0
glance-manage db_sync
2.4.4 重启
service glance-api restart && service glance-registry restart
2.4.5 验证glance
glance index
2.4.6 配置镜像
2.4.6.1 配置ubuntu-12.04-server-cloudimg-amd64-disk1.img
wget http://uec-images.ubuntu.com/releases/12.04/release/ubuntu-12.04-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ubuntu-12.04-server-cloudimg-amd64-disk1.img
2.4.6.2 配置precise-server-cloudimg-amd64-disk1.img
get http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu12.04-amd64" is_public=true container_format=ovf disk_format=qcow2 < precise-server-cloudimg-amd64-disk1.img
2.4.6.3 验证glance
glance index
2.5 安装配置nova
2.5.1 安装
apt-get install nova-api nova-cert nova-common nova-compute nova-compute-kvm nova-doc nova-network nova-objectstore nova-scheduler nova-volume nova-consoleauth novnc python-nova python-novaclient
2.5.2 配置 /etc/nova/nova.conf
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=192.168.0.47
--ec2_host=192.168.0.47
--rabbit_host=192.168.0.47
--cc_host=192.168.0.47
--nova_url=http://192.168.0.47:8774/v1.1/
--routing_source_ip=192.168.0.47
--glance_api_servers=192.168.0.47:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.120
--sql_connection=mysql://novadbadmin:nq123456@192.168.0.47/nova
--ec2_url=http://192.168.0.47:8773/services/Cloud
--keystone_ec2_url=http://192.168.0.47:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
# libvirt_type=kvm 对应 /etc/nova/nova-compute.conf
--libvirt_type=kvm
#--libvirt_type=qemu
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
--novnc_enable=true
--novncproxy_base_url=http://192.168.0.47:6080/vnc_auto.html
--vncserver_proxyclient_address=127.0.0.1
--vncserver_listen=127.0.0.1
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br0
--floating_range=10.0.0.128/25
--flat_injected=False
--force_dhcp_release=true
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose=False
说明:
192.168.0.47 是当前机器的IP
floating_range 为VM的虚拟IP
iscsi_ip_prefix VM对应IP段
flat_interface 对应哪一个网卡
flat_network_bridge 对应哪一个网桥
2.5.3 启动、停止、重启nova
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" stop; done
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" start; done
for a in libvirt-bin nova-network nova-compute nova-cert nova-api nova-objectstore nova-scheduler nova-volume novnc nova-consoleauth; do service "$a" restart; done
2.5.4 初始化nova数据库
nova-manage db sync
2.5.5 配置network给VMs
配置命令如下:
nova-manage network create private --fixed_range_v4=192.168.120.100/25 --num_networks=1 --bridge=br0 --bridge_interface=eth1 --network_size=128
使用情况如下:
--fixed_range_v4=192.168.120.100/25
--bridge=br0
--bridge_interface=eth
--network_size=128
chown -R nova:nova /etc/nova
创建浮点IP
nova-manage floating create --ip_range=10.0.0.128/25
2.5.6 创建虚拟机flavor
可以根据需求自定义flavor
# nova-manage flavor create --name=m1.minitest --memory=384 --cpu=1 --root_gb=1 --flavor=6 --ephemeral_gb=1
2.5.7 检查
nova list
nova image-list
2.6 创建VM
2.6.1 查看是否有~/.ssh/id_rsa.pub文件
没有就生成:
ssh-keygen -t rsa
Generating public/private rsa key pair
Enter file in which to save the key (/root/.ssh/id_rsa): /home/user/.ssh/id_rsa
Enter passphrase (empty for no passphrase):******
Enter same passphrase again: ******
/home/user/.ssh/id_rsa.pub
2.6.2 创建公钥
nova keypair-add --pub_key ~/.ssh/id_rsa.pub key1
2.6.3 根据镜像创建VM
nova list
nova image-list
nova flavor-list
nova boot --flavor 1 --image f13d2626-5873-484f-957f-6945860afba4 --key_name key1 could01
说明:
--flavor 1 选择vm配置
--image f13d2626-5873-484f-957f-6945860afba4 镜像id
--key_name key1 公钥为key1
could01 生成的Intance为could01
2.6.4 配置防火墙
hastexo配置如下:
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
全开如下:
nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0
nova secgroup-add-rule default udp 1 65535 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
2.6.5 查看vm
nova show $id
$id 是vm的id
2.6.6 配置虚拟ip
nova floating-ip-create
显示生成的浮点ip
nova add-floating-ip $id $ip
eg:
nova add-floating-ip ee4bdc5b-bf36-4f08-9dd0-7bc1d199bea4 10.0.0.129
$id 是vm的id
2.6.7 登录vm
ssh -i ~/.ssh/id_rsa ubuntu@10.0.0.129
输入密码:pwd123456
2.7 openstack-dashboard安装配置
2.7.1 安装
apt-get install apache2 libapache2-mod-wsgi openstack-dashboard
2.7.2 配置/etc/openstack-dashboard/local_settings.py
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
2.7.3 重启apache2
service apache2 restart
2.7.4 访问
http://192.168.0.47
user:admin
pwd:pwd123456
2.7.5 view & manage
nova list
nova show cloud01
2.8 配置nova-volume
2.8.1 创建volume
nova volume-create --display_name "volume1" 1
2.8.2 配置给Vm
nova volume-attach could01 1 /dev/vdb
2.8.3 查看
nova volume-list
2.9 安装结束
SUCCESS!