控制节点 192.168.198.101 计算机点 192.168.198.102 代理节点 192.168.198.104 存储节点 192.168.198.103
所有机器运行 sudo apt-get update sudo apt-get upgrade sudo apt-get install -y ntp sudo sed -i 's/server ntp.ubuntu.com/serverntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g'/etc/ntp.conf sudo service ntp restart
控制节点 apt-get install tgt open-iscsi open-iscsi-utils fdisk /dev/sda 分一个空的分区出来这里为/dev/sda5 partprobe pvcreate /dev/sda5 vgcreate nova-volumes /dev/sda5
Keystonesudo apt-get install keystonesudo su -rm /var/lib/keystone/keystone.dbapt-get install python-mysqldb mysql-server (password:mysql)sed –i ‘s/127.0.0.1/0.0.0.0/g’ /etc/mysql/my.cnfservice mysql restartmysql –u root –pmysql> CREATE DATABASE keystone; mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystonepassword'; mysql> quitvim /etc/keystone/keystone.confconnection = sqlite:////var/lib/keystone/keystone.db改为connection = mysql://keystone:[YOUR_KEYSTONE_PASSWORD]@192.168.198.101/keystoneadmin_token = admin 默认为ADMIN,可更改为自己想要的sudo service keystone restart keystone-manage db_sync配置keystone
创建租户(admin) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 tenant-create --name admin --description "admin" --enabled true
创建用户(admin) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id [admin_ID] --name admin --pass admin --enabled true创建两个角色(admin, memberRole) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 role-create --name adminkeystone --token admin --endpoint http://192.168.198.101:35357/v2.0 role-create --name MemberRole为创建的用户绑定角色 keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-role-add --user [admin_ID] --tenant_id [admin_ID] --role [admin_ID]创建租户(service) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 tenant-create --name service --description "service" --enabled true
创建用户(nova) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id [service_ID] --name nova --pass nova --enabled true为创建的用户绑定角色 keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user [nova_ID] --tenant_id [Service_ID] --role [admin_ID]
创建用户(glance) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id [service_ID] --name glance --pass glance --enabled true
为创建的用户绑定角色 keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user [glance_ID] --tenant_id [Service_ID] --role [admin_ID]创建用户(swift) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id [service_ID] --name swift --pass swift --enabled true
为创建的用户绑定角色 keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user [swifte_ID] --tenant_id [Service_ID] --role [admin_ID]
创建用户(ec2) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0 user-create --tenant_id [service_ID] --name ec2 --pass ec2 --enabled true
为创建的用户绑定角色 keystone --token admin --endpoint http://192.168. 198.101:35357/v2.0 user-role-add --user [ec2_ID] --tenant_id [Service_ID] --role [admin_ID]启用Keystone 为了使Swift与S3 API兼容,需在keystone.conf文件中定义一个新的过滤器并启用它 定义过滤器 [filter:s3_extension]paste.filter_factory = keystone.contrib.s3:S3Extension.factory启用并更新admin_api行 [pipeline:admin_api]pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service更新为 [pipeline:admin_api]pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service定义服务 可使用模板文件或后端数据库两种方法来定义 使用后端数据库来下义的话keystone.conf配置文件中应包含以下两行 [catalog]driver = keystone.catalog.backends.sql.Catalog创建keystone服务,类型为identity keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ service-create --name=keystone --type=identity --description="Keystone Identity Service"创建服务入口(endpoint) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id=[keystone_id] --publicurl=http://192.168.198.101:5000/v2.0 --internalurl=http://192.168.198.101:5000/v2.0 --adminurl=http://192.168.198.101:35357/v2.0创建nova服务,类型为compute keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ service-create --name=nova --type=compute --description="Nova Compute Service"创建服务入口(endpoint) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id=[nova_ID] --publicurl='http://192.168.198.101:8774/v2/%(tenant_id)s' --internalurl='http://192.168.198.101:8774/v2/%(tenant_id)s' --adminurl='http://192.168.198.101:8774/v2/%(tenant_id)s'创建volume服务,类型为 volume keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ service-create --name=volume --type=volume --description="Nova Volume Service"创建服务入口(endpoint) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id=[volume_ID] --publicurl='http://192.168.198.101:8776/v1/%(tenant_id)s' --internalurl='http://192.168.198.101:8776/v1/%(tenant_id)s' --adminurl='http://192.168.198.101:8776/v1/%(tenant_id)s'创建glance服务,类型为 image keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ service-create --name=glance --type=image --description="Glance Image Service"创建服务入口(endpoint) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id=[glance_ID] --publicurl=http://192.168.198.101:9292/v1 --internalurl=http://192.168.198.101:9292/v1 --adminurl=http://192.168.198.101:9292/v1创建ec2服务,类型为 ec2 keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ service-create --name=ec2 --type=ec2 --description="EC2 Compatibility layer"创建服务入口(endpoint) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id=[ec2_ID] --publicurl=http://192.168.198.101:8773/services/Cloud --internalurl=http://192.168.198.101:8773/services/Cloud --adminurl=http://192.168.198.101:8773/services/Admin创建swift服务,类型为 object-store keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ service-create --name=swift --type=object-store --description="Object Storage Service"创建服务入口(endpoint) keystone --token admin --endpoint http://192.168.198.101:35357/v2.0/ endpoint-create --region RegionOne --service_id=[swift_ID] --publicurl='https://192.168.198.104:8080/v1/AUTH_%(tenant_id)s' –adminurl='https://192.168.198.104:8080/' --internalurl='https://192.168.198.104:8080/v1/AUTH_%(tenant_id)s'核实Keystone的安装
exportADMIN_TOKEN=admin exportOS_USERNAME=admin exportOS_PASSWORD=admin exportOS_TENANT_NAME=admin exportOS_AUTH_URL=http://127.0.0.1:5000/v2.0/ 然后用 keystone user-list keystone role-list keystone tenant-list来查看Glanceapt-get install glance rm /var/lib/glance/glance.sqlite mysql –u root –pmysql> CREATE DATABASE glance;mysql> GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glancepassword';mysql> quit 更新/etc/glance/glance-api-paste.ini [filter:authtoken]admin_tenant_name = serviceadmin_user = glanceadmin_password = glance增加下面的两行到/etc/glance/glance-api.conf [paste_deploy]flavor = keystone增加下列两行到/etc/glance/glance-registry.conf [paste_deploy]flavor = keystone更新/etc/glance/glance-registry-paste.ini [filter:authtoken]admin_tenant_name = serviceadmin_user = glanceadmin_password = glance
更新glance-registry-paste.init pipeline行的内容为 [pipeline:glance-registry]#pipeline = context registryapp# NOTE: use the following pipeline for keystonepipeline = authtoken auth-context context registryapp更改/etc/glance/glance-registry.conf连接mysql sql_connection = mysql://glance:yourpassword@192.168.18.129/glanceglance-manage version_control 0 glance-manage db_syncservice glance-registry restart service glance-api restart测试glanceglance index 无输出是正常下载imagecd ~wget https://launchpad.net/cirros/tru ... 3.0-x86_64-disk.img wget http://cloud-images.ubuntu.com/p ... img-amd64-disk1.img 上传imageglance add name=cirros-0.3.0-x86_64 is_public=true container_format=bare disk_format=qcow2 < cirros-0.3.0-x86_64-disk.imgglance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < precise-server-cloudimg-amd64-disk1.imgglance index 准备配置网络
在一块单一的网卡上使用FlatDHCP网络模式 /etc/network/interfaces eth0:公网IP、网关 br100: 节点之间的通信 # The loopback network interfaceauto loiface lo inet loopback# The primary network interfaceauto eth0iface eth0 inet dhcp# Bridge network interface for VM networks auto br100 iface br100 inet static address 10.0.0.1 netmask 255.255.255.0 bridge_stp offbridge_fd 0
安装bridge-utils sudo apt-get install bridge-utils确保Bridge的设置,如果在nova.conf文件中添加了flat_network_bridge=br100,当nova-manage network运行时会自动开启 sudo brctl addbr br100Novamysql –u root –pmysql> CREATE DATABASE nova;mysql> GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'novapassword';mysql> quitapt-get install rabbitmq-serverapt-get install nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-networkkvm nova-objectstore nova-compute-kvm编辑 /etc/nova/api-paste.ini , 修改末尾3行#admin_tenant_name = %SERVICE_TENANT_NAME%#admin_user = %SERVICE_USER%#admin_password = %SERVICE_PASSWORD%admin_tenant_name = serviceadmin_user = novaadmin_password = nova编辑/etc/nova/nova.conf 文件,[DEFAULT]###### LOGS/STATE#verbose=Trueverbose=False###### AUTHENTICATIONauth_strategy=keystone###### SCHEDULER#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterSchedulerscheduler_driver=nova.scheduler.simple.SimpleScheduler###### VOLUMESvolume_group=nova-volumesvolume_name_template=volume-%08xiscsi_helper=tgtadm###### DATABASEsql_connection=mysql://nova:novapassword@192.168.198.101/nova###### COMPUTElibvirt_type=kvm#libvirt_type=qemuconnection_type=libvirtinstance_name_template=instance-%08xapi_paste_config=/etc/nova/api-paste.iniallow_resize_to_same_host=Truelibvirt_use_virtio_for_bridges=truestart_guests_on_host_boot=trueresume_guests_state_on_host_boot=true###### APISosapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensionsallow_admin_api=trues3_host=192.168.198.101cc_host=192.168.198.101###### RABBITMQrabbit_host=192.168.198.101###### GLANCEimage_service=nova.image.glance.GlanceImageServiceglance_api_servers=192.168.198.101:9292###### NETWORKnetwork_manager=nova.network.manager.FlatDHCPManagerforce_dhcp_release=Truedhcpbridge_flagfile=/etc/nova/nova.confdhcpbridge=/usr/bin/nova-dhcpbridgefirewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriverpublic_interface=eth0flat_interface=eth0flat_network_bridge=br100fixed_range=10.0.0.0/24multi_host=true###### NOVNC CONSOLEnovnc_enabled=truenovncproxy_base_url= http://192.168.198.101:6080/vnc_auto.htmlvncserver_proxyclient_address=192.168.198.101vncserver_listen=192.168.198.101########Novalogdir=/var/log/novastate_path=/var/lib/novalock_path=/var/lock/nova#####MISCuse_deprecated_auth=falseroot_helper=sudo nova-rootwrap设置目录权限chown -R nova:nova /etc/nova创建重启nova脚本vim /restart.sh#!/bin/bashfor a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \nova-api nova-objectstore nova-scheduler nova-volume \novnc nova-consoleauth; do service "$a" stop; donefor a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \nova-api nova-objectstore nova-scheduler nova-volume \novnc nova-consoleauth; do service "$a" start; donebash /restart.sh同步数据库nova-manage db sync 创建Fix IPFIX IP,就是分配给虚拟机的实际IP地址。这些数据都会写入数据库nova-manage network create private --fixed_range_v4=10.0.0.0/24 --num_networks=1 --bridge=br100 --bridge_interface=eth0 --network_size=256 –multi_host=T创建floating IP所谓Floating IP,是亚马逊EC2的定义。简单说,就是公网的IP。他其实是通过类似防火墙类似,做一个映射。实际上是通过iptables来实现映射.nova-manage floating create –ip_range=192.168.198.32/27Dashboardapt-get install -ymemcached libapache2-mod-wsgi openstack-dashboard vim /etc/openstack-dashboard/local_settings.pyCACHE_BACKEND = ‘memcached://127.0.0.1:11211/’mysql –u root –pmysql> CREATE DATABASE dash;mysql> GRANT ALL ON dash.* TO 'dash'@'%' IDENTIFIED BY 'dashpassword';mysql> quit然后配置local_settings.py或使用manage.py syncdb命令构建数据库 vim /etc/openstack-dashboard/local_settings.pyDATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'dash', 'USER': 'dash', 'PASSWORD': 'dashpassword', 'HOST': '192.168.198.101', 'default-character-set': 'utf8' },} 更改这些设置连接到Mysql数据库 $ /usr/share/openstack-dashboard/manage.py syncdb 如果你不想看到apache的警告,创建下面目录在dashboard下 sudo mkdir –p /var/lib/dash/.blackhole重启服务 /etc/init.d/apache2 restartsudo restart nova-api计算机节点sudo apt-get install nova-api nova-network nova-compute nova-common nova-compute-kvm python-nova python-novaclient python-keystone python-keystoneclient mysql-clientvim /etc/nova/api-paste.ini admin_tenant_name = serviceadmin_user = novaadmin_password = chenshakevim /etc/nova/nova.conf [DEFAULT]##### LOGS/STATE#verbose=Trueverbose=False###### AUTHENTICATIONauth_strategy=keystone###### SCHEDULER#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterSchedulerscheduler_driver=nova.scheduler.simple.SimpleScheduler###### VOLUMESvolume_group=nova-volumesvolume_name_template=volume-%08xiscsi_helper=tgtadm###### DATABASEsql_connection=mysql://nova:novapassword@192.168.198.101/nova###### COMPUTElibvirt_type=kvm#libvirt_type=qemuconnection_type=libvirtinstance_name_template=instance-%08xapi_paste_config=/etc/nova/api-paste.iniallow_resize_to_same_host=Truelibvirt_use_virtio_for_bridges=truestart_guests_on_host_boot=trueresume_guests_state_on_host_boot=true###### APISosapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensionsallow_admin_api=trues3_host=192.168.198.101cc_host=192.168.198.101###### RABBITMQrabbit_host=192.168.198.101###### GLANCEimage_service=nova.image.glance.GlanceImageServiceglance_api_servers=192.168.198.101:9292###### NETWORKnetwork_manager=nova.network.manager.FlatDHCPManagerforce_dhcp_release=Truedhcpbridge_flagfile=/etc/nova/nova.confdhcpbridge=/usr/bin/nova-dhcpbridgefirewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriverpublic_interface=eth0flat_interface=eth0flat_network_bridge=br100fixed_range=10.0.0.0/24multi_host=true###### NOVNC CONSOLEnovnc_enabled=truenovncproxy_base_url= http://192.168.198.101:6080/vnc_auto.htmlvncserver_proxyclient_address=192.168.198.102vncserver_listen=192.168.198.102########Novalogdir=/var/log/novastate_path=/var/lib/novalock_path=/var/lock/nova#####MISCuse_deprecated_auth=falseroot_helper=sudo nova-rootwrapchown -R nova:nova /etc/novavim /restart.sh#!/bin/bashfor a in libvirt-bin nova-network nova-compute \nova-api ; do service "$a" stop; donefor a in libvirt-bin nova-network nova-compute \nova-api ; do service "$a" start; donebash /restart.sh代理节点# apt-get install swift openssh-server rsync memcached python-netifaces python-xattrpython-memcache
mkdir -p /etc/swift chown -R swift:swift /etc/swift/ 创建/etc/swift/swift.conf [swift-hash] # random unique string that can neverchange (DO NOT LOSE) swift_hash_path_suffix = ABCabcABC
apt-get install swift-proxy memcached创建SSL自签名证书cd /etc/swift openssl req -new -x509 -nodes -out cert.crt-keyout cert.key 更改memcached的默认监听接口最好是本地IP不是公网的,在/etc/memcached.conf更改下面行:-l 127.0.0.1 to -l <PROXY_LOCAL_NET_IP> 重启memcached服务service memcached restart 创建/etc/swift/proxy-server.conf[DEFAULT] bind_port = 8080 user = swift
[pipeline:main] pipeline = catch_errors healthcheck cacheauthtoken keystone proxy-server
[app:proxy-server] use = egg:swift#proxy account_autocreate = true
[filter:keystone] paste.filter_factory =keystone.middleware.swift_auth:filter_factory operator_roles = admin, swiftoperator
[filter:authtoken] paste.filter_factory =keystone.middleware.auth_token:filter_factory # Delaying the auth decision is required tosupport token-less # usage for anonymous referrers ('.r:*'). delay_auth_decision = true service_port = 5000 service_host = 192.168.198.101 auth_port = 35357 auth_host = 192.168.198.101 auth_token = admin admin_token = admin
[filter:cache] use = egg:swift#memcache set log_name = cache
[filter:catch_errors] use = egg:swift#catch_errors
[filter:healthcheck] use = egg:swift#healthcheck 如果运行多个memcached服务,在proxy-server.conf文件中[filter:cache]下设置多个IP:porxy监听。cd /etc/swift swift-ring-builder account.builder create18 1 1 swift-ring-builder container.builder create18 1 1 swift-ring-builder object.builder create 181 1 每个存储设备节点添加以下条目到ring:swift-ring-builder account.builder addz1-192.168.198.103:6002/sda5 100 swift-ring-builder container.builder addz1-192.168.198.103:6001/sda5 100 swift-ring-builder object.builder add z1-192.168.198.103:6000/sda5100 swift-ring-builder account.builder swift-ring-builder container.builder swift-ring-builder object.builder swift-ring-builder account.builderrebalance swift-ring-builder container.builderrebalance swift-ring-builder object.builder rebalance 复制account.ring.gz, container.ring.gz, object.ring.gz文件到每一个代理和存储节点的/etc/swift下确保所有配置文件swift用户都有权限chown –Rswift:swift /etc/swift启动代理服务swift-init proxy start 重新启动存储节点服务swift-init main start swift-init rest start
存储节点
# apt-get install swift openssh-server rsync memcached python-netifaces python-xattrpython-memcache
mkdir -p /etc/swift chown -R swift:swift /etc/swift/ 创建/etc/swift/swift.conf [swift-hash] # random unique string that can neverchange (DO NOT LOSE) swift_hash_path_suffix = ABCabcABC
apt-get install swift-account swift-container swift-object xfsprogs对所有节点设备设置XFS卷(/dev/sdb是这里的实例)fdisk /dev/sda (set up a single partition) mkfs.xfs -i size=1024 /dev/sdba echo "/dev/sda3 /srv/node/sda5 xfsnoatime,nodiratime,nobarrier,logbufs=8 0 0" >> /etc/fstab mkdir -p /srv/node/sda5 mount /srv/node/sda5 chown -R swift:swift /srv/node 创建/etc/rsyncd.confuid = swift gid = swift log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid address = 192.168.198.103
[account] max connections = 2 path = /srv/node/ read only = false lock file = /var/lock/account.lock
[container] max connections = 2 path = /srv/node/ read only = false lock file = /var/lock/container.lock
[object] max connections = 2 path = /srv/node/ read only = false lock file = /var/lock/object.lock 编辑/etc/default/rsync中下面的行RSYNC_ENABLE = true启动rsyncservice rsync start创建/etc/swift/account-server.conf[DEFAULT] bind_ip = 192.168.198.103 workers = 2
[pipeline:main] pipeline = account-server
[app:account-server] use = egg:swift#account
[account-replicator]
[account-auditor]
[account-reaper] 创建/etc/swift/container-server.conf[DEFAULT] bind_ip = 192.168.198.103 workers = 2
[pipeline:main] pipeline = container-server
[app:container-server] use = egg:swift#container
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
创建/etc/swift/object-server.conf[DEFAULT] bind_ip = 192.168.198.103 workers = 2
[pipeline:main] pipeline = object-server
[app:object-server] use = egg:swift#object
[object-replicator]
[object-updater]
[object-auditor]
[object-expirer] 启动存储服务swift-initobject-server start swift-init object-replicator start swift-init object-updater start swift-init object-auditor start swift-init container-server start swift-init container-replicatorstart swift-init container-updater start swift-init container-auditor start swift-init account-server start swift-init account-replicator start swift-init account-auditor start
Windows2008
这里windows2008我采用qcow2格式来制作镜像,流程和centos类似
用kvm-img创建一个10G大小的镜像文件:
kvm-img create -f qcow2 win2008.img 10G
因为windows没有默认的virtio驱动,所以先下载
wgethttp://alt.fedoraproject.org/pub ... rtio-win-0.1-15.iso
wget http://alt.fedoraproject.org/pub ... rtio-win-1.1.16.vfd
启动kvm,映射驱动vfd到软盘A
kvm -m 1024 -cdrom en_windows_server_2008_r2_dvd.iso -drivefile=win2008.img,if=virtio,boot=on -fda virtio-win-1.1.16.vfd -boot d-nographic -vnc :1
用vnc访问安装,在安装的时候需要选择一下硬盘驱动,安装好以后,停掉虚拟机,重新用以下命令启动
kvm -m 1024 -drive file=win2008.img,if=virtio,boot=on -cdromvirtio-win-0.1-15.iso -net nic,model=virtio -net user -boot c -nographic -vnc:1
再用vnc访问,应该会提示自动安装好了virtio的网卡驱动
用glance添加这个镜像,指定格式为qcow2
glance add -A your_glance_token name="win2008" is_public=true disk_format=qcow2< win2008.img
这样就完成了
完成镜像以后,我们还可以在securitygroup里面添加3389和22端口,这样能够允许rdp和ssh访问对应的
|