CentOS6.6部署OpenStack Havana(Nova-Network版)

3tr21

CentOS6.4部署OpenStack Havana(Nova-Network版)

一 基本设备介绍

测试环境
CentOS6.4 x64

OpenStack 服务 介绍

计算 (Compute) - Nova；
网络和地址管理 - Neutron；
对象存储 (Object) - Swift；
块存储 (Block) - Cinder；
身份 (Identity) - keystone；
镜像 (Image) - Glance；
UI 界面 (Dashboard) - Horizon；
测量 (Metering) - Ceilometer；
编配 (Orchestration) – Heat；

主机分配:
主 机名         IP（Static）     系统              角色
openstack      192.168.0.210    CentOS x64     管理节点/计算节点
node01         192.168.0.212    CentOS x64        计算节点

二 管理节点安装 ( Openstack )

首先更新系统版本 yum update ( 否则 报yum ssl错误 )

reboot

2.1 （导入第三方安装源）
rpm -Uvh http://dl.fedoraproject.org/pub/ ... ease-6-8.noarch.rpm
rpm -Uvh http://pkgs.repoforge.org/rpmfor ... 1.el6.rf.x86_64.rpm
yum -y install http://repos.fedorapeople.org/re ... havana-7.noarch.rpm


2.2  （配置/hetc/hosts 文件)
vi /etc/hosts
192.168.0.211 openstack
192.168.0.212 node01

2.3  (配置网络)


2.4  关闭selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
setenforce 0


2.5  修改/etc/sysctl.conf参数
vi /etc/sysctl.conf

修改
net.ipv4.ip_forward = 1
sysctl -p

2.6  安装ntp服务
yum -y install ntp

service ntpd start
chkconfig ntpd on

2.7  安装MySQL服务
yum -y install mysql mysql-server MySQL-python

vi /etc/my.cnf

[mysqld]在后面增加
bind-address = 0.0.0.0

启动mysqld 并设置自动启动
service mysqld start
chkconfig mysqld on

修改MySQL密码为jicki
mysqladmin -uroot password 'jicki'; history -c


2.8  安装qpid 服务
yum -y install qpid-cpp-server memcached

修改/etc/qpidd.conf配置文件,将auth设置为no
vi /etc/qpidd.conf
auth=no


启动 qpidd 以及 设置自定启动
service qpidd start
chkconfig qpidd on


安装OpenStack工具包
yum -y install openstack-utils


2.9  安装配置KeyStone
安装KeyStone服务
yum -y install openstack-keystone


创建keystone数据库，修改配置文件中的数据库链接
openstack-db --init --service keystone


修改配置文件中的数据库链接  ( 帐号密码都为上面创建的 keystone )
openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone


使用openssl随即生成一个令牌，将其存储在配置文件中
export SERVICE_TOKEN=$(openssl rand -hex 10)
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
mkdir /root/config                (创建配置文件目录 用于记录一些key)
echo $SERVICE_TOKEN > /root/config/ks_admin_token.txt
cat /root/config/ks_admin_token.txt
35fbb7e5601644a1f37f
将生成的SERVICE_TOKEN值写入文件中保存，以备后续使用，后面涉及到的SERVICE_TOKEN值都是在ks_admin_token.txt文件中获取的。所以一旦写入文件，不要再次运行命令生成SERVICE_TOKEN，否则前后不一致会为调试带来麻烦。

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN


默认情况下keysonte使用PKI令牌。创建签名密钥和证书
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log


启动keystone服务，设置开机自启动
service openstack-keystone start
chkconfig openstack-keystone on


2.10  定义Users、Tenants and Roles

修改.bash_profile文件，添加以下参数
vi /root/.bash_profile

export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=jicki
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
export SERVICE_TOKEN=35fbb7e5601644a1f37f

使变量即时生效
source .bash_profile


为管理员用户创建一个tenant，为openstack其他服务的用户创建一个tenant
keystone tenant-create --name=admin --description='Admin Tenant'
keystone tenant-create --name=service --description='Service Tenant'


创建一个管理员用户admin
keystone user-create --name=admin --pass=jicki --email=keystone@localhost


创建一个管理员角色admin
keystone role-create --name=admin


将角色添加到用户
keystone user-role-add --user=admin --tenant=admin --role=admin


2.11  定义Services 和 API Endpoints
为KeyStone创建一个服务
keystone service-create --name=keystone --type=identity --description="KeystoneIdentity Service"


使用服务ID创建一个endpoint
vi /root/config/keystone.sh

#!/bin/bash
my_ip=192.168.0.211
service=$(keystone service-list | awk '/keystone/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:5000/v2.0 --internalurl=http://$my_ip:5000/v2.0 --adminurl=http://$my_ip:35357/v2.0


sh /root/config/keystone.sh


2.12  安装配置Glance
yum -y install openstack-glance


创建Glance数据库
openstack-db --init --service glance


修改配置文件中的数据库链接
openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance
openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance


2.13  创建User，定义Services 和 API Endpoints
为Glance服务创建一个glance用户
keystone user-create --name=glance --pass=service --email=glance@localhost
keystone user-role-add --user=glance --tenant=service --role=admin


为glance创建一个服务
keystone service-create --name=glance --type=image --description="Glance ImageService"


使用服务ID创建一个endpoint

vi /root/config/glance.sh

#!/bin/bash
my_ip=192.168.0.211
service=$(keystone service-list | awk '/glance/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:9292 --internalurl=http://$my_ip:9292 --adminurl=http://$my_ip:9292

sh /root/config/glance.sh


配置Glance服务
将keystone认证信息添加到glance配置文件中

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password service

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password service



修改ini文件路径，将keystone认证信息添加到ini文件中

openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
chown -R root:glance /etc/glance/glance-api-paste.ini
chown -R root:glance /etc/glance/glance-registry-paste.ini

openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password service
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host 127.0.0.1
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password service


修改镜像文件的存放路径（默认存放在/var/lib/glance目录下，若不需修改，此步骤可省略）
openstack-config --set /etc/glance/glance-api.conf DEFAULT filesystem_store_datadir /opt/openstack/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf DEFAULT scrubber_datadir /opt/openstack/lib/glance/scrubber
openstack-config --set /etc/glance/glance-api.conf DEFAULT image_cache_dir /opt/openstack/lib/glance/image-cache/
mkdir -p /opt/openstack/lib
cp -r /var/lib/glance/ /opt/openstack/lib/
chown -R glance:glance /opt/openstack/lib/glance/


启动glance服务，设置开机自启动
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on


2.14  Glance测试
glance image-create --name=centos6.6 --disk-format=qcow2 --container-format=ovf --is-public=true < /root/CentOS-6.6-x86_64-minimal.iso


查看镜像
glance image-list
+--------------------------------------+-----------+-------------+------------------+-----------+--------+
| ID                                   | Name      | Disk Format | Container Format | Size      | Status |
+--------------------------------------+-----------+-------------+------------------+-----------+--------+
| d2058235-b68a-4eb7-a425-38c851f21f00 | centos6.6 | qcow2       | ovf              | 401604608 | active |
+--------------------------------------+-----------+-------------+------------------+-----------+--------+


2.15  安装配置Nova
yum -y install openstack-nova


创建nova数据库
openstack-db --init --service nova


创建User，定义Services 和 API Endpoints
vi /root/config/nova-user.sh

#!/bin/sh
my_ip=192.168.0.210
keystone user-create --name=nova --pass=service --email=nova@localhost
keystone user-role-add --user=nova --tenant=service --role=admin
keystone service-create --name=nova --type=compute --description="Nova Compute Service"
service=$(keystone service-list | awk '/nova/ {print $2}')
keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:8774/v2/%(tenant_id)s --internalurl=http://$my_ip:8774/v2/%(tenant_id)s --adminurl=http://$my_ip:8774/v2/%(tenant_id)s

sh /root/config/nova-user.sh



配置nova服务
修改/etc/nova/nova.conf配置文件

------------------------------------------------------------------------------

[DEFAULT]
my_ip = 192.168.0.210
auth_strategy = keystone
state_path = /opt/openstack/lib/nova
verbose=True

allow_resize_to_same_host = true
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = 192.168.0.210
libvirt_type = kvm
glance_api_servers = 192.168.0.210:9292

novncproxy_base_url = http://192.168.0.210:6080/vnc_auto.html
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
vnc_enabled = true
vnc_keymap = en-us

network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.firewall.NoopFirewallDriver
multi_host = True
flat_interface = eth1
flat_network_bridge = br1
public_interface = eth0

instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
notification_driver = nova.openstack.common.notifier.rpc_notifier

compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
[hyperv]
[zookeeper]
[osapi_v3]
[conductor]
[keymgr]
[cells]
[database]
[image_file_url]
[baremetal]
[rpc_notifier2]
[matchmaker_redis]
[ssl]
[trusted_computing]
[upgrade_levels]
[matchmaker_ring]
[vmware]
[spice]
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
---------------------------------------------------------------------------------





因上述配置文件中修改了instances实例存放的位置，还需要作一下操作

修改instances路径，设置目录权限
cp -r /var/lib/nova/ /opt/openstack/lib/
chown -R nova:nova /opt/openstack/lib/nova/


配置libvirtd服务，删除virbr0
启动libvirt服务
service libvirtd start


查看net-list，发现default
virsh net-list


删除default，即virbr0
virsh net-destroy default
virsh net-undefine default


重启libvirtd服务，设置开机自启动
service libvirtd restart
chkconfig libvirtd on


启动nova相关服务，设置开机自启动
service messagebus start
chkconfig messagebus on


启动nova服务，采用network网络服务
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-consoleauth start
service openstack-nova-scheduler start
service openstack-nova-conductor start
service openstack-nova-novncproxy start
service openstack-nova-compute start
service openstack-nova-network start
chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-consoleauth on
chkconfig openstack-nova-scheduler on
chkconfig openstack-nova-conductor on
chkconfig openstack-nova-novncproxy on
chkconfig openstack-nova-compute on
chkconfig openstack-nova-network on




nova测试
创建网络
nova network-create vmnet --fixed-range-v4=10.1.1.0/24 --bridge-interface=br1 --multi-host=T

nova network-list
+--------------------------------------+-------+-------------+
| ID                                   | Label | Cidr        |
+--------------------------------------+-------+-------------+
| 440a5c95-9882-4e79-9d75-e5ce7ff27799 | vmnet | 10.1.1.0/24 |
+--------------------------------------+-------+-------------+

nova-manage network list


设置安全组
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0


查看镜像
nova image-list
+--------------------------------------+-----------+--------+--------+
| ID                                   | Name      | Status | Server |
+--------------------------------------+-----------+--------+--------+
| d2058235-b68a-4eb7-a425-38c851f21f00 | centos6.6 | ACTIVE |        |
+--------------------------------------+-----------+--------+--------+



创建虚拟机实例
nova boot --flavor 1 --image centos6.6 vm01



查看虚拟机实例运行状态
nova list
+--------------------------------------+------+--------+------------+-------------+----------------+
| ID                                   | Name | Status | Task State | Power State | Networks       |
+--------------------------------------+------+--------+------------+-------------+----------------+
| 32a62826-ff62-48cb-a273-fb1091049f14 | vm01 | ACTIVE | -          | Running     | vmnet=10.1.1.2 |
+--------------------------------------+------+--------+------------+-------------+----------------+

删除一个实例
nova delete 3713704f-2628-49ec-8731-d683f25bef3e


测试虚拟机实例连通性
ping 10.1.1.2




2.16  安装配置Horizon
yum -y install openstack-dashboard


修改local_settings文件,将DEBUG = False修改为DEBUG = True
vi /etc/openstack-dashboard/local_settings
DEBUG = True


修改httpd.conf文件，将#ServerName www.example.com:80修改为ServerName 192.168.0.211:80
vi /etc/httpd/conf/httpd.conf
#ServerName www.example.com:80
ServerName 192.168.0.211:80


修改local_settings.py文件，将"Member"修改为"admin"
vi /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin"



启动http服务，设置开机自启动
service httpd start
chkconfig httpd on


重启nova-api服务
service openstack-nova-api restart


添加防火墙策略
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m multiport --dports 5900:6000 -j ACCEPT
iptables -I INPUT -p tcp --dport 6080 -j ACCEPT
service iptables save


Horizon安装完成，使用http://192.168.0.210/dashboard访问openstack web界面。
http://192.168.0.210/dashboard访问openstack
用户名: admin
密码:








添加新项目
为操作员用户创建一个tenant
keystone tenant-create --name=manager --description='Manager Tenant'



创建操作员用户
keystone user-create --name=manager --pass=jicki --email=manager@localhost



创建一个管理角色manager
keystone role-create --name=manager



将nova角色添加到用户
keystone user-role-add --user=nova --tenant=service --role=manager