# Rewrite /etc/hosts so that "controller" resolves on this node.
# The existing file is overwritten, not appended to.
# {put_eth0_ip_here} is a placeholder: replace it with the address assigned
# to eth0 before running the command.
# The delimiter is quoted so the shell copies the body literally.
cat > /etc/hosts <<'EOF'
127.0.0.1 localhost
127.0.1.1 controller
{put_eth0_ip_here} controller
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
Configure the network
Set up the network in the native OpenStack VM
# NOTE: The current IP is statically assigned by our system. Please do not change it.
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.8.210
netmask 255.255.255.0
gateway 192.168.8.1
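# DNS servers must be configured here; do not edit /etc/resolv.conf directly.
# (interfaces(5) has no end-of-line comments, so this note sits on its own line.)
dns-nameservers 192.168.8.15 8.8.8.8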
auto eth1
iface eth1 inet static
address 192.168.8.211
netmask 255.255.255.0
auto eth2
iface eth2 inet static
address 192.168.8.212
netmask 255.255.255.0
Restart the network service
/etc/init.d/networking restart
Enable IP forwarding
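# To let IP packets pass between the different networks, the host must be
# configured with routing capability.
# With forwarding enabled the node acts as a router, so the packet filter on
# this node decides what may cross between the attached networks.
# The setting is appended; running this step twice leaves a duplicate line.
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Load the values from /etc/sysctl.conf into the running kernel.
sysctl -p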
Upgrade the system
apt-get update && apt-get dist-upgrade
Install NTP
Install the package
apt-get install -y ntp
Update /etc/ntp.conf file
# Keep ntp.ubuntu.com as the direct time source and add the local clock
# (127.127.1.0, fudged to stratum 10) as a fallback in case the internet
# time service is interrupted.
# Each backslash-newline inside the replacement makes sed emit a line break,
# so the one matching "server" line is replaced by several lines.
sed -i 's/server ntp.ubuntu.com/ \
server ntp.ubuntu.com \
server 127.127.1.0 \
fudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
Restart NTP service
service ntp restart
Set the OpenStack installation environment
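# Create the environment variables
# Update the global environment variables.
# NOTE(review): later steps read $MYSQL_PASS, $RABBIT_PASSWORD and
# $SERVICE_PASSWORD, so /root/novarc presumably holds those secrets. Appending
# it to /etc/profile copies them into a file that is normally readable by
# every local account; sourcing /root/novarc from root's own shell keeps them
# private. Confirm what novarc contains before appending it.
cat /root/novarc >> /etc/profile
# Load the variables into the current shell.
source /etc/profile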
MySQL Server
Setup the MySQL password for administrator
# Pre-answer the mysql-server-5.5 installer questions so apt-get can run
# unattended: the root password (asked twice) and start-on-boot.
# The delimiter is unquoted, so the shell expands $MYSQL_PASS before
# debconf-set-selections reads the lines from standard input.
debconf-set-selections <<MYSQL_PRESEED
mysql-server-5.5 mysql-server/root_password password $MYSQL_PASS
mysql-server-5.5 mysql-server/root_password_again password $MYSQL_PASS
mysql-server-5.5 mysql-server/start_on_boot boolean true
MYSQL_PRESEED
Install the packages
apt-get -y install mysql-server python-mysqldb curl
Allow external connections
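# Bind MySQL service to all network interfaces.
# The substitution is limited to the bind-address line and the dots are
# escaped; the unanchored pattern rewrote every string shaped like 127.0.0.1
# anywhere in my.cnf.
# Listening on 0.0.0.0 exposes the MySQL port on every network this host is
# attached to. Filtering that port down to the OpenStack nodes, or binding to
# the management address only, reduces the exposure.
sed -i '/^bind-address/s/127\.0\.0\.1/0.0.0.0/' /etc/mysql/my.cnf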
Restart MySQL service
service mysql restart
Create Databases, Users, Privileges for OpenStack
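# Create one database per OpenStack service and grant the matching account
# full rights on it from any host ('%'), from localhost and from "controller".
# The password argument is quoted so a value containing spaces or glob
# characters still reaches mysql as a single word.
# NOTE(review): every service account receives the MySQL root password
# ($MYSQL_PASS), so one leaked service config file discloses root as well;
# a separate password per service limits that.
# NOTE(review): the '%' grants accept logins from any address that can reach
# the server; 'localhost' and 'controller' already have their own grants.
# NOTE(review): -p<password> on the command line may be visible to other
# local users in the process list; --defaults-extra-file pointing at a
# mode-0600 option file avoids that.
# The heredoc delimiter is unquoted so $MYSQL_PASS is expanded in the SQL.
mysql -uroot -p"$MYSQL_PASS" << EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '$MYSQL_PASS';
FLUSH PRIVILEGES;
EOF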
Message Queue Server: RabbitMQ
Install the packages
# Install the messaging queue server. Typically it is RabbitMQ.
apt-get -y install rabbitmq-server
Change the default password
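# Replace the password of RabbitMQ's built-in "guest" account.
# Quoted so the password is passed as one argument whatever characters it
# contains.
rabbitmqctl change_password guest "$RABBIT_PASSWORD"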
Update MySQL connection for Glance
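# Point both Glance services at the MySQL "glance" database instead of the
# default SQLite file.
# The file names are separated from the sed script by whitespace; joined
# directly to the closing quote they would be read as part of the script.
# $MYSQL_PASS and $MASTER are pasted into the sed replacement, so a value
# containing "|", "&" or "\" would change the expression.
sed -i "/sql_connection = .*/{s|sqlite:///.*|mysql://glance:${MYSQL_PASS}@${MASTER}/glance|g}" \
  /etc/glance/glance-registry.conf /etc/glance/glance-api.conf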
Setup notifier for Glance
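# Switch Glance notifications from "noop" to RabbitMQ and record the RabbitMQ
# password in the API config.
# One -e per substitution: a backslash followed by a space inside the quoted
# script reaches sed literally and is not a valid command.
# $RABBIT_PASSWORD is pasted into the replacement; "/", "&" or "\" in the
# value would change the expression.
sed -i \
  -e 's/notifier_strategy = noop/notifier_strategy = rabbit/g' \
  -e "s/rabbit_password = guest/rabbit_password = ${RABBIT_PASSWORD}/g" \
  /etc/glance/glance-api.conf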
Prepare the logical volumes for Cinder
You can manage Cinder through a pre-prepared set of logical volumes, "cinder-volumes", whose size is 1.2GB.
# List the disks and partitions to identify the spare device.
fdisk -l
# Initialise /dev/vdb as an LVM physical volume. Confirm from the listing
# above that /dev/vdb is the intended, unused disk before running this.
pvcreate /dev/vdb
# Create the "cinder-volumes" volume group on that physical volume.
vgcreate cinder-volumes /dev/vdb
Volume group "cinder-volumes" successfully created
iSCSI configuration
Enable the iSCSI target service
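# Turn on the iSCSI target service in its defaults file.
# A space separates the sed script from the file name; without it the path
# is parsed as part of the script.
# NOTE(review): the pattern flips every "false" in the file, not one named
# setting; confirm the file holds only the enable flag.
sed -i 's/false/true/g' /etc/default/iscsitarget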
Re-configure the kernel modules
dpkg-reconfigure iscsitarget-dkms
Restart iSCSI services
service iscsitarget restart && service open-iscsi restart
Configure the bridge for internal communication
ovs-vsctl add-br br-int
Configure the bridge for external communication
ovs-vsctl add-br br-eth2
# Enable external network access under nested Open vSwitch
ifconfig br-eth2 promisc up
Bind eth2 to the external bridge
ovs-vsctl add-port br-eth2 eth2
Update the external bridge configuration
vim /etc/network/interfaces
# Modify the corresponding configuration
auto eth2
iface eth2 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
auto br-eth2
iface br-eth2 inet static
address {put_eth2_ip_here}
netmask 255.255.255.0
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
Restart the network service
/etc/init.d/networking restart
Update the general configuration for Neutron
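# Append the Open vSwitch plugin settings: the iptables hybrid firewall
# driver for security groups, the MySQL connection, and the physnet1 to
# br-eth2 bridge mapping.
# "[database]" and "connection=" are on separate lines; fused on one line the
# section header and the option cannot be read as an INI section plus key.
# The delimiter is unquoted on purpose so $MYSQL_PASS and $MASTER are
# expanded as the file is written.
# NOTE(review): the file then holds the database password in clear text;
# check that it is not readable by unprivileged accounts.
cat << EOF >>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[database]
connection=mysql://neutron:$MYSQL_PASS@$MASTER/neutron
[ovs]
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-eth2
EOF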
Update the MySQL connection for Neutron
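# Point neutron-server at the MySQL "neutron" database instead of SQLite.
# The password is taken from $MYSQL_PASS, the value the neutron account was
# granted in MySQL and the one written to ovs_neutron_plugin.ini; the literal
# string "password" only worked when $MYSQL_PASS happened to be that word.
# $MYSQL_PASS and $MASTER are pasted into the sed replacement, so "|", "&" or
# "\" in either value would change the expression.
sed -i "/connection = .*/{s|sqlite:///.*|mysql://neutron:${MYSQL_PASS}@${MASTER}/neutron|g}" \
  /etc/neutron/neutron.conf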
Update the metadata agent for Neutron
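# Fill in the service tenant, user and password placeholders in the metadata
# agent config.
# One -e per substitution and a space before the file name: a backslash-space
# inside the quoted script is not a valid sed command, and a path glued to the
# closing quote is read as part of the script.
# $SERVICE_PASSWORD is pasted into the replacement; "/", "&" or "\" in the
# value would change the expression.
sed -i \
  -e 's/%SERVICE_TENANT_NAME%/service/g' \
  -e 's/%SERVICE_USER%/neutron/g' \
  -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" \
  /etc/neutron/metadata_agent.ini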
Update the credentials for Neutron
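# Fill in the service tenant, user and password placeholders in neutron.conf.
# One -e per substitution and a space before the file name: a backslash-space
# inside the quoted script is not a valid sed command, and a path glued to the
# closing quote is read as part of the script.
# $SERVICE_PASSWORD is pasted into the replacement; "/", "&" or "\" in the
# value would change the expression.
sed -i \
  -e 's/%SERVICE_TENANT_NAME%/service/g' \
  -e 's/%SERVICE_USER%/neutron/g' \
  -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" \
  /etc/neutron/neutron.conf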
Change the passphrase of Neutron metadata agent
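# Uncomment metadata_proxy_shared_secret in the metadata agent config and
# give it a value.
# The script is a single quoted expression and the file name is a separate
# argument; the stray backslash-space and the path glued to the closing quote
# both broke the command.
# NOTE(review): "helloStackinsider" is a fixed string printed in this guide.
# Outside a throw-away lab, use a randomly generated value and set the same
# value wherever the Nova side expects this secret.
sed -i -e 's/# metadata_proxy_shared_secret =/metadata_proxy_shared_secret = helloStackinsider/g' \
  /etc/neutron/metadata_agent.ini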
Change the passphrase of Neutron dhcp agent
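# Uncomment the OVSInterfaceDriver line in the DHCP agent config.
# The script is a single quoted expression and the file name is a separate
# argument; the stray backslash-space and the path glued to the closing quote
# both broke the command.
sed -i -e 's/# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/g' \
  /etc/neutron/dhcp_agent.ini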
Restart the Neutron services
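# Restart every Neutron service that has an init script.
# The shell expands the glob itself instead of parsing ls output, the service
# name is quoted, and the loop runs only if the cd succeeded.
# The working directory is left at /etc/init.d, as before.
cd /etc/init.d/ && for svc in neutron-*; do
  # Skip the literal pattern when no neutron-* script exists.
  [ -e "$svc" ] || continue
  sudo service "$svc" restart
done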
Update the credential for Nova
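# Point Nova's API paste config at the controller ($MASTER) and fill in the
# service tenant, user and password placeholders.
# One -e per substitution: a backslash followed by a space inside the quoted
# script reaches sed literally and is not a valid command.
# $MASTER and $SERVICE_PASSWORD are pasted into the replacements; "/", "&" or
# "\" in either value would change the expression.
sed -i \
  -e "s/127.0.0.1/${MASTER}/g" \
  -e 's/%SERVICE_TENANT_NAME%/service/g' \
  -e 's/%SERVICE_USER%/nova/g' \
  -e "s/%SERVICE_PASSWORD%/${SERVICE_PASSWORD}/g" \
  /etc/nova/api-paste.ini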
Update the general configuration: /etc/nova/nova.conf
Restart Nova services
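# Restart every Nova service that has an init script.
# The shell expands the glob itself instead of parsing ls output, the service
# name is quoted, and the loop runs only if the cd succeeded.
# The working directory is left at /etc/init.d, as before.
cd /etc/init.d/ && for svc in nova-*; do
  # Skip the literal pattern when no nova-* script exists.
  [ -e "$svc" ] || continue
  sudo service "$svc" restart
done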
OpenStack Compute Server: Nova Compute
Install the Hypervisor
apt-get install -y kvm libvirt-bin pm-utils
Setup Cgroup support for libvirt
# Append a cgroup_device_acl list to libvirt's QEMU config.
# NOTE(review): presumably this is the set of device nodes guests are allowed
# to open under the cgroup device controller; confirm against qemu.conf's own
# commentary before widening the list.
cat << EOF >>/etc/libvirt/qemu.conf
cgroup_device_acl = ["/dev/null", "/dev/full", "/dev/zero","/dev/random", "/dev/urandom","/dev/ptmx", "/dev/kvm", "/dev/kqemu","/dev/rtc", "/dev/hpet","/dev/net/tun",
]
EOF
Allow Live Migration
# Prepare libvirtd for live migration: uncomment the listen_tls, listen_tcp
# and auth_tcp settings, then change the auth_tcp value from sasl to none.
# NOTE(review): auth_tcp = none means libvirtd accepts TCP connections without
# authentication, and whoever can reach that listener can manage the guests
# on this hypervisor. Restrict the port to the compute/management network
# with a packet filter, or keep SASL or TLS for anything beyond a lab.
sed -i \
  -e '/#listen_tls/s/#listen_tls/listen_tls/' \
  -e '/#listen_tcp/s/#listen_tcp/listen_tcp/' \
  -e '/#auth_tcp/s/#auth_tcp/auth_tcp/' \
  -e '/auth_tcp/s/sasl/none/' \
  /etc/libvirt/libvirtd.conf
Listen on TCP
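# Add -l to libvirtd's start-up options in both the upstart job and the
# defaults file so the daemon listens on the network.
# A space separates each sed script from its file name; without it the path
# is parsed as part of the script.
sed -i '/env libvirtd_opts/s/-d/-d -l/' /etc/init/libvirt-bin.conf
sed -i '/libvirtd_opts/s/-d/-d -l/' /etc/default/libvirt-bin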
Restart libvirt-bin service
service libvirt-bin restart
Install the Nova Compute
apt-get -y install nova-compute-kvm
Modify the libvirt_type
vi /etc/nova/nova-compute.conf
Change libvirt_type=kvm to libvirt_type=qemu
Restart Nova services
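# Restart every Nova service that has an init script.
# The shell expands the glob itself instead of parsing ls output, the service
# name is quoted, and the loop runs only if the cd succeeded.
# The working directory is left at /etc/init.d, as before; change back to the
# directory that holds prepare_network.sh before running the next step.
cd /etc/init.d/ && for svc in nova-*; do
  # Skip the literal pattern when no nova-* script exists.
  [ -e "$svc" ] || continue
  sudo service "$svc" restart
done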
Execute the bash script to create network interconnection
bash prepare_network.sh
Set up the default security group rules
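# Obtain TenantA's default security group ID
# NOTE(review): --os-password on the command line ends up in shell history
# and may be visible in the process list, and the auth URL is plain http, so
# the credentials are sent unencrypted unless the client stays on localhost.
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list
# Enable ICMP and TCP ports
# {TenantA security group ID} is a placeholder for the ID printed above.
# NOTE(review): the ingress TCP rule opens ports 1-65535 and gives no source
# prefix. Only SSH to the instance is used later in this guide, so a rule for
# port 22 alone covers it; widen the range only for services that need it.
neutron security-group-rule-create --protocol icmp --direction ingress {TenantA security group ID}
neutron security-group-rule-create --protocol icmp --direction egress {TenantA security group ID}
neutron security-group-rule-create --protocol tcp --direction egress --port-range-min 1 --port-range-max 65535 {TenantA security group ID}
neutron security-group-rule-create --protocol tcp --direction ingress --port-range-min 1 --port-range-max 65535 {TenantA security group ID}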
Start a VM
Check the Ubuntu image
# Check the image ID to confirm if Glance operates normally.
glance index
Generate ssh key and Upload it to Nova
# Generate ssh key
ssh-keygen
# Upload ssh pub key to nova
nova keypair-add key01 --pub-key ~/.ssh/id_rsa.pub
Launch a VM
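# Boot instance "vm001" as UserA in TenantA with flavor 1, the default
# security group and keypair key01.
# {the cirros ID from Glance} is a placeholder: replace it with the image ID
# reported by Glance. A space now separates --image from its value.
nova --os-tenant-name TenantA --os-username UserA --os-password password \
  --os-auth-url=http://localhost:5000/v2.0 \
  boot --flavor 1 --image {the cirros ID from Glance} \
  --security_group default --key-name key01 vm001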
Check the VM status
# Check your VM status
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list
Access the VM instance using its flat IP
# Obtain the VM's fixed IP
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list
# You can find its fixed IP in the "Networks" section: sharednet1={flat IP}.
# SSH to your VM when your VM is ACTIVE
ssh cirros@{put_flat_ip_here}
Access the Dashboard
http://controller/horizon (controller为主机名)
Questions
执行“neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list”出现错误:
“404 Not Found.The resource could not be found.”
解决:
vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[securitygroup]
# Firewall driver for realizing neutron security group function.
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
然后重启neutron服务:
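# Restart every Neutron service that has an init script so the firewall
# driver change takes effect.
# The shell expands the glob itself instead of parsing ls output, the service
# name is quoted, and the loop runs only if the cd succeeded.
# The working directory is left at /etc/init.d, as before.
cd /etc/init.d/ && for svc in neutron-*; do
  # Skip the literal pattern when no neutron-* script exists.
  [ -e "$svc" ] || continue
  sudo service "$svc" restart
done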