Openstack完整搭建系统整理版

guyuehhh

Operating System


How to login to Ubuntu(12.04) Server system
Login as a normal user
user: openstack
password: password


Obtain Root privilege
sudo su -
password: password


Update Host configuration
hostname controller
echo "controller" > /etc/hostname

cat > /etc/hosts << EOF 127.0.0.1       localhost 127.0.1.1       controller {put_eth0_ip_here}       controller # The following lines are desirable for IPv6 capable hosts ::1     ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters EOF

Configure the network
Setup the network in Native OpenStack VM
# NOTE: The current IP is statically assigned by our system. Please do not change it.vi /etc/network/interfaces

# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.8.210 netmask 255.255.255.0 gateway 192.168.8.1 dns-nameservers 192.168.8.15 8.8.8.8 # 需在此配置DNS，不可直接修改/etc/resolv.conf文件 auto eth1 iface eth1 inet static address 192.168.8.211 netmask 255.255.255.0 auto eth2 iface eth2 inet static address 192.168.8.212 netmask 255.255.255.0

Restart the network service
/etc/init.d/networking restart


Enable IP forwarding
　　# To permit IP packets pass through different networks, # the network card should be configured with routing capability.
　　echo"net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p










Upgrade your system to the latest version

Add software repository

echo -en 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main\n deb-src http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main' \ >> /etc/apt/sources.list.d/havana.list

Upgrade the system
apt-get update && apt-get dist-upgrade


Install NTP

Install the package
apt-get install -y ntp



Update /etc/ntp.conf file
# Here we set ntp.ubuntu.com as the direct source of time.# You will also find that a local time source # is also provided in case of internet time service interruption.

sed -i 's/server ntp.ubuntu.com/ \ server ntp.ubuntu.com \ server 127.127.1.0 \ fudge 127.127.1.0 stratum 10/g' /etc/ntp.conf

Restart NTP service
service ntp restart


Set the OpenStack installation environment
# Create the environment variables

cat > /root/novarc << EOF export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=password export MYSQL_PASS=password export SERVICE_PASSWORD=password export RABBIT_PASSWORD=password export FIXED_RANGE=10.0.0.0/24 export FLOATING_RANGE=$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' \ | cut -f2 -d ":" | awk -F "." '{print $1"."$2"."$3}').224/27 export OS_AUTH_URL="http://localhost:5000/v2.0/" export SERVICE_ENDPOINT="http://localhost:35357/v2.0" export SERVICE_TOKEN=stackinsider export MASTER="$(/sbin/ifconfig eth0 \ | awk '/inet addr/ {print $2}' | cut -f2 -d ":")" export LOCAL_IP="$(/sbin/ifconfig eth1 \ | awk '/inet addr/ {print $2}' | cut -f2 -d ":")" EOF

# Update the global environment variables.cat/root/novarc >>/etc/profile
source /etc/profile

MySQL Server




Setup the MySQL password for administrator
cat << MYSQL_PRESEED | debconf-set-selections
mysql-server-5.5 mysql-server/root_password password $MYSQL_PASS
mysql-server-5.5 mysql-server/root_password_again password $MYSQL_PASS
mysql-server-5.5 mysql-server/start_on_boot boolean true
MYSQL_PRESEED


Install the packages
apt-get -y install mysql-server python-mysqldb curl


Allow external connections
　　# Bind MySQL service to all network interfaces.
　　sed -i  's/127.0.0.1/0.0.0.0/g'  /etc/mysql/my.cnf



Restart MySQL service
service mysql restart



Create Databases, Users, Privileges for OpenStack

mysql -uroot -p$MYSQL_PASS << EOF CREATE DATABASE nova; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '$MYSQL_PASS'; CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '$MYSQL_PASS'; CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '$MYSQL_PASS'; CREATE DATABASE cinder; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' IDENTIFIED BY '$MYSQL_PASS'; CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$MYSQL_PASS'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '$MYSQL_PASS'; FLUSH PRIVILEGES; EOF

Message Queue Server: RabbitMQ

Install the packages
　　# Install the messaging queue server. Typically it is RabbitMQ.
　　apt-get -y install rabbitmq-server



Change the default password
rabbitmqctl change_password guest $RABBIT_PASSWORD



OpenStack Identity Server: Keystone

Install the packages
apt-get -y install keystone



Update /etc/keystone/keystone.conf

sed -i -e " s/# admin_token = ADMIN/admin_token = $SERVICE_TOKEN/g; \ s/# bind_host = 0.0.0.0/bind_host = 0.0.0.0/g; \ s/# public_port = 5000/public_port = 5000/g; \ s/# admin_port = 35357/admin_port = 35357/g; \ s/# compute_port = 8774/compute_port = 8774/g; \ s/# verbose = True/verbose = True/g; \ s/# idle_timeout/idle_timeout/g" /etc/keystone/keystone.conf

Update MySQL connection for Keyatone

sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"keystone"':'"$MYSQL_PASS"'@'"$MASTER"'/keystone|g}'\ /etc/keystone/keystone.conf

Restart Keystone and Sync database
service keystone restart
keystone-manage db_sync



Create users, tenants, services for OpenStack
wget http://wiki.stackinsider.com/images/9/99/Ksdata.sh_.txt -O Ksdata.shsed -i 's/quantum/neutron/g' Ksdata.shsed -i 's/QUANTUM/NEUTRON/g' Ksdata.shsh Ksdata.sh


Create endpoints for OpenStack
wget http://wiki.stackinsider.com/images/1/18/Ksendpoints.sh_.txt -O Ksendpoints.shsed -i 's/quantum/neutron/g' Ksendpoints.shsh Ksendpoints.sh



OpenStack Image Server: Glance

Install the packages
apt-get -y install glance


Update the credentials for Glance

sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; \ s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; \ " /etc/glance/glance-api.conf  /etc/glance/glance-registry.conf

Update MySQL connection for Glance
sed -i '/sql_connection = .*/{s|sqlite:///.*|mysql://'"glance"':'"$MYSQL_PASS"'@'"$MASTER"'/glance|g}'\
/etc/glance/glance-registry.conf /etc/glance/glance-api.conf


Setup notifier for Glance
sed -i " s/notifier_strategy = noop/notifier_strategy = rabbit/g;\ s/rabbit_password = guest/rabbit_password = $RABBIT_PASSWORD/g;" \
/etc/glance/glance-api.conf


Setup flavor for Glance
cat << EOF >>/etc/glance/glance-api.conf
flavor = keystone+cachemanagement
EOF
cat << EOF >>/etc/glance/glance-registry.conf
flavor = keystone
EOF


Restart Glance services
service glance-api restart
service glance-registry restart


Sync Glance database
glance-manage db_sync


Download Cirros image
wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img


Upload Cirros image to Glance
glance add name=cirros-0.3.0-x86_64 is_public=truecontainer_format=bare \
disk_format=qcow2 </root/cirros-0.3.0-x86_64-disk.img


Check the image
# Check the image ID to confirm if Glance operates normally.
glance index



OpenStack Block Storage: Cinder

Install the packages
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget \
open-iscsi iscsitarget-dkms python-cinderclient


Prepare the logical volumnes for Cinder
You can manage Cinder via a pre-prepared logical volumes "cinder-volumes", the size of which is 1.2GB.
fdisk -l
pvcreate /dev/vdb
vgcreate cinder-volumes /dev/vdb

Volume group "cinder-volumes" successfully created

iSCSI configuration

Enable the iSCSI target service
sed -i 's/false/true/g'/etc/default/iscsitarget


Re-configure the kernel modules
dpkg-reconfigure iscsitarget-dkms


Restart iSCSI services
service iscsitarget restart && service open-iscsi restart


Update the configuration file of Cinder

cat >/etc/cinder/cinder.conf <<EOF [DEFAULT] sql_connection = mysql://cinder:$MYSQL_PASS@$MASTER/cinder rootwrap_config = /etc/cinder/rootwrap.conf api_paste_confg = /etc/cinder/api-paste.ini iscsi_helper = tgtadm volume_name_template = volume-%s volume_group = cinder-volumes verbose = True auth_strategy = keystone state_path = /var/lib/cinder lock_path = /var/lock/cinder volumes_dir = /var/lib/cinder/volumes rabbit_password = $RABBIT_PASSWORD EOF

Update the credentials of Cinder
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; \ s/%SERVICE_USER%/cinder/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " \
/etc/cinder/api-paste.ini


Synchronize the database of Cinder
cinder-manage db sync


Restart the services of Cinder
service cinder-api restart
service cinder-scheduler restart
service cinder-volume restart



OpenStack Network Server: Neutron

Install the Open vSwitch
apt-get install -y openvswitch-switch
apt-get install module-assistant
　　module-assistant auto-install openvswitch-datapath
若遇kernel-header错误，则执行以下命令，再执行上一步命令即可：
ln -s /usr/src/linux-headers-`uname -r`/include/generated/uapi/linux/version.h /lib/modules/`uname -r`/build/include/linux/
　　




Configure the network bridge

Configure the bridge for internal communication
ovs-vsctl add-br br-int


Configure the bridge for external communication
ovs-vsctl add-br br-eth2
# Enable external network access under nested Open vSwitchifconfig br-eth2 promisc up


Bind eth2 to the external bridge
ovs-vsctl add-port br-eth2 eth2


Update the external bridge configuration
vim /etc/network/interfaces
# Modify the corresponding configuration
auto eth2
iface eth2 inet manual
up ifconfig$IFACE 0.0.0.0 up
up ip linkset$IFACE promisc on
down ip linkset$IFACE promisc off
down ifconfig$IFACE down
auto br-eth2
iface br-eth2 inet static
address {put_eth2_ip_here}netmask 255.255.255.0
up ip linkset$IFACE promisc on
down ip linkset$IFACE promisc off


Restart the network service
/etc/init.d/networking restart


Install Neutron
apt-get -y install neutron-server python-cliff \
neutron-plugin-openvswitch-agent \
neutron-dhcp-agent python-pyparsing


Configure the RabbitMQ
sed -i -e " s/# auth_strategy/auth_strategy/g; \ s/# fake_rabbit/fake_rabbit/g; \ s/# rabbit_host = localhost/rabbit_host = $MASTER/g; \ s/# rabbit_password = guest/rabbit_password = $RABBIT_PASSWORD/g"/etc/neutron/neutron.conf


Configure the Neutron

Update the general configuration for Neutron
cat << EOF >>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[database]connection=mysql://neutron:$MYSQL_PASS@$MASTER/neutron
[ovs]
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-eth2
EOF


Update the MySQL connection for Neutron
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"neutron"':'"password"'@'"$MASTER"'/neutron|g}' \/etc/neutron/neutron.conf


Update the metadata agent for Neutron
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/neutron/g; \ s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; "/etc/neutron/metadata_agent.ini


Update the credentials for Neutron
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/neutron/g; \ s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; "/etc/neutron/neutron.conf


Change the passphase of Neutron metadata agent
sed -i -e " s/# metadata_proxy_shared_secret =/metadata_proxy_shared_secret \ = helloStackinsider/g; "/etc/neutron/metadata_agent.ini


Change the passphase of Neutron dhcp agent
sed -i -e " s/# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/interface_driver = \ neutron.agent.linux.interface.OVSInterfaceDriver/g; "/etc/neutron/dhcp_agent.ini


Restart the Neutron services
cd /etc/init.d/; for i in $(ls neutron-*); do sudo service $i restart; done



OpenStack Controller Server: Nova Controller

Install the packages
apt-get -y install nova-api nova-cert nova-common pm-utils nova-conductor \
nova-scheduler python-nova python-novaclient nova-consoleauth novnc nova-novncproxy


Configure Nova

Update the credential for Nova
sed -i -e " s/127.0.0.1/$MASTER/g; s/%SERVICE_TENANT_NAME%/service/g; \ s/%SERVICE_USER%/nova/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " \
/etc/nova/api-paste.ini



Update the general configuration: /etc/nova/nova.conf

cat >/etc/nova/nova.conf <<EOF [DEFAULT] # MySQL Connection # sql_connection=mysql://nova:$MYSQL_PASS@$MASTER/nova # nova-scheduler # rabbit_host=$MASTER rabbit_password=$RABBIT_PASSWORD #scheduler_driver=nova.scheduler.simple.SimpleScheduler #compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler # nova-api # cc_host=$MASTER auth_strategy=keystone s3_host=$MASTER ec2_host=$MASTER nova_url=http://$MASTER:8774/v1.1/ ec2_url=http://$MASTER:8773/services/Cloud keystone_ec2_url=http://$MASTER:5000/v2.0/ec2tokens api_paste_config=/etc/nova/api-paste.ini allow_admin_api=true use_deprecated_auth=false ec2_private_dns_show_ip=True dmz_cidr=169.254.169.254/32 ec2_dmz_host=169.254.169.254 metadata_host=$MASTER metadata_listen=0.0.0.0 enabled_apis=ec2,osapi_compute,metadata # Networking # network_api_class=nova.network.neutronv2.api.API neutron_url=http://$MASTER:9696 neutron_auth_strategy=keystone neutron_admin_tenant_name=service neutron_admin_username=neutron neutron_admin_password=$SERVICE_PASSWORD neutron_admin_auth_url=http://$MASTER:35357/v2.0 libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver   firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver #Metadata service_neutron_metadata_proxy = True neutron_metadata_proxy_shared_secret = helloStackinsider # Compute # compute_driver=libvirt.LibvirtDriver # Cinder # volume_api_class=nova.volume.cinder.API # Glance # glance_api_servers=$MASTER:9292 image_service=nova.image.glance.GlanceImageService # novnc # novnc_enable=true novncproxy_base_url=http://$MASTER:6080/vnc_auto.html vncserver_proxyclient_address=$MASTER vncserver_listen=$MASTER # Misc # logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova #root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf rootwrap_config=/etc/nova/rootwrap.conf verbose=true #verbose=false EOF

Synchronize Nova database
nova-manage db sync


Restart Nova services
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done



OpenStack Compute Server: Nova Compute

Install the Hypervisor
apt-get install -y kvm libvirt-bin pm-utils


Setup Cgroup support for libvirt
cat << EOF >>/etc/libvirt/qemu.conf
cgroup_device_acl = ["/dev/null", "/dev/full", "/dev/zero","/dev/random", "/dev/urandom","/dev/ptmx", "/dev/kvm", "/dev/kqemu","/dev/rtc", "/dev/hpet","/dev/net/tun",
]
EOF


Allow Live Migration
sed -i '/#listen_tls/s/#listen_tls/listen_tls/;/#listen_tcp/s/#listen_tcp/listen_tcp/;/#auth_tcp/s/#auth_tcp/auth_tcp/; /auth_tcp/s/sasl/none/' \/etc/libvirt/libvirtd.conf


Listen on TCP
sed -i '/env libvirtd_opts/s/-d/-d -l/'/etc/init/libvirt-bin.conf
sed -i '/libvirtd_opts/s/-d/-d -l/'/etc/default/libvirt-bin


Restart libvirt-bin service
service libvirt-bin restart


Install the Nova Compute
　　apt-get -y install nova-compute-kvm
　　

　　
Modify the libvirt_type
vi /etc/nova/nova-compute.conf
libvirt_type=kvm 修改为 libvirt_type=qemu　　
Restart Nova services
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done

　　





OpenStack Dashboard: Horizon

Install Horizon
apt-get -y install apache2 libapache2-mod-wsgi openstack-dashboard memcached python-memcache


Prepare Tenant Network

Create a bash script for preparation
vi /root/prepare_network.sh

#!/bin/bash # Create Tenant and User # tenant=TenantA user=UserA usermail=usera@stackinsider.com role=Member if keystone tenant-list | grep -q $tenant;then echo "Tenant $tenant existed!" else tenant_id=`keystone tenant-create --name $tenant | awk '/id/{print $4}'` fi if keystone user-list | grep -q $user;then echo "User $user existed!" else keystone user-create --name=$user --pass=password --tenant-id $tenant_id --email=$usermail fi keystone user-role-add --tenant $tenant  --user $user --role $role # Create virtual router and sub-network # neutron net-create --tenant-id ${tenant_id} sharednet1 --shared --provider:network_type flat \ --provider:physical_network physnet1 neutron subnet-create --tenant-id ${tenant_id} sharednet1 192.168.100.0/24 --no-gateway \ --allocation-pool start=192.168.100.150,end=192.168.100.200 # 新建子网，配置共享网段

Execute the bash script to create network interconnection
bash prepare_network.sh


Set up the default security group rules
# Obtain TenantA's default security group ID
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list
# Enable ICMP and TCP ports
neutron security-group-rule-create --protocol icmp --direction ingress {TenantA security group ID}
neutron security-group-rule-create --protocol icmp --direction egress {TenantA security group ID}
neutron security-group-rule-create --protocol tcp --direction egress --port-range-min 1 --port-range-max 65535 {TenantA security group ID}
neutron security-group-rule-create --protocol tcp --direction ingress --port-range-min 1 --port-range-max65535{TenantA security group ID}


Start a VM

Check the Ubuntu image
# Check the image ID to confirm if Glance operates normally.
glance index


Generate ssh key and Upload it to Nova
　　# Generate ssh key
　　ssh-keygen
　　# Upload ssh pub key to nova
nova keypair-add key01 --pub-key ~/.ssh/id_rsa.pub

Launch a VM
nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 boot --flavor 1 --image{the cirros ID from Glance} --security_group default --key-name key01 vm001


Check the VM status
# Check your VM status
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list


Access the VM instance using its flat IP
# Obtain the VM's fixed IP
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list
# You can find its fixed IP in the "Networks" section: sharednet1={flat IP}.# SSH to your VM when your VM is ACTIVEssh cirros@{put_flat_ip_here}Access the Dashboard
http://controller/horizon (controller为主机名)



Questions
执行“neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list”出现错误：
“404 Not Found.The resource could not be found.”
解决：

vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini [securitygroup] # Firewall driver for realizing neutron security group function. # firewall_driver = neutron.agent.firewall.NoopFirewallDriver firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver 然后重启neutron服务： cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; done