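Foreword: OpenStack really is a behemoth, and mastering it is not easy. Once you have a rough understanding of OpenStack, the next step should be to deploy it. One-click installers such as RDO or devstack exist, but it is best to only sample them briefly; once you have some hands-on experience, you should install everything yourself from start to finish. Otherwise you will not be able to stay calm when facing errors and troubleshooting failures. So, once you have a basic understanding of OpenStack, start installing.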
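Note: the official OpenStack documentation is really excellent, but reading English never feels quite fluent to me, so I wrote these notes on the basis of the official documentation.
Reference: http://docs.openstack.org/mitaka/install-guide-rdo/
First comes rough planning: how many nodes are needed, which operating system to use, and how to lay out the network.
Here is my rough plan:
Number of nodes: 2 (controller node, compute node)
Operating system: CentOS Linux release 7.2.1511 (Core)
Network configuration:
Controller node: 10.0.0.101 192.168.15.101
Compute node: 10.0.0.102 192.168.15.102
Prerequisites: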
The following minimum requirements should support a proof-of-concept environment with core services and several CirrOS instances:
Controller Node: 1 processor, 4 GB memory, and 5 GB storage
Compute Node: 1 processor, 2 GB memory, and 10 GB storage
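These are the minimum hardware requirements the official guide recommends for a proof of concept.
Reference: http://docs.openstack.org/mitaka/install-guide-rdo/environment.html
Note: if you create the operating systems and configure the network by hand, step by step, then I have to look down on you a little. Look into Vagrant: with the configuration file below, a single command creates both virtual machines and configures their networks. For a short Vagrant tutorial, see: http://youerning.blog.51cto.com/10513771/1745102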
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
  config.vm.box = "centos7"
  # node name => [management IP, second private network IP]
  node_servers = {
    :control => ['10.0.0.101', '192.168.15.101'],
    :compute => ['10.0.0.102', '192.168.15.102']
  }
  node_servers.each do |node_name, node_ip|
    config.vm.define node_name do |node_config|
      node_config.vm.host_name = node_name.to_s
      node_config.vm.network :private_network, ip: node_ip[0]
      # second interface on a VirtualBox internal network
      node_config.vm.network :private_network, ip: node_ip[1], virtualbox__intnet: true
      config.vm.boot_timeout = 300
      node_config.vm.provider "virtualbox" do |v|
        v.memory = 4096
        v.cpus = 1
      end
    end
  end
end
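Run the single command vagrant up, wait a moment, and two piping-hot virtual machines come out of the oven; our environment is ready.
The environment is as follows:
Operating system: CentOS Linux release 7.2.1511 (Core)
Network configuration:
Controller node: 10.0.0.101 192.168.15.101
Compute node: 10.0.0.102 192.168.15.102
Note: config.vm.box = "centos7" above requires that a centos7 box already exists.
Before starting the deployment, let's go over the OpenStack installation steps.
First comes preparing the software environment: we need to configure some common software, the package repositories and so on, basically as follows:
NTP server
Controller node, other nodes
OpenStack package repository
Common components:
SQL database ===> MariaDB
NoSQL database ==> MongoDB (not needed by the basic components)
Message queue ==> RabbitMQ
Memcached
Then come the components within the overall OpenStack framework. The basic components are:
Identity service ===> Keystone
Image service ===> Glance
Compute service ===> Nova
Networking service ===> Neutron
Dashboard ===> Horizon
Block storage service ===> Cinder
Other storage services:
Shared file system service ===> Manila
Object storage service ===> Swift
Other components:
Orchestration service ===> Heat
Telemetry service ===> Ceilometer
Database service ===> Trove
Environment preparation
Name resolution:
On every node, edit the hosts file and add the following entries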
10.0.0.101 controller
10.0.0.102 compute
NTP time server
Controller node
1) Install the chrony package
yum install chrony
2) Edit the configuration file /etc/chrony.conf and add the following; 202.108.6.95 can be changed to suit your needs.
server 202.108.6.95 iburst
allow 10.0.0.0/24
3) Enable at boot, and start
# systemctl enable chronyd.service
# systemctl start chronyd.service
Other nodes
1) Install the chrony package
yum install chrony
2) Edit the configuration file /etc/chrony.conf and add the following
server controller iburst
allow 10.0.0.0/24
3) Enable at boot, and start
# systemctl enable chronyd.service
# systemctl start chronyd.service
Verification:
Controller node
chronyc sources
210 Number of sources = 2
MS Name/IP address Stratum Poll Reach LastRx Last sample
=============================================================
^- 192.0.2.11 2 7 12 137 -2814us[-3000us] +/- 43ms
^* 192.0.2.12 2 6 177 46 +17us[ -23us] +/- 68ms
Other nodes
# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller 3 9 377 421 +15us[ -87us] +/- 15ms
OpenStack package repository
Install the yum repository for the matching OpenStack release
yum install centos-release-openstack-mitaka
Update the system
yum upgrade
Note: if the kernel was updated, a reboot is required.
Install openstackclient and openstack-selinux
yum install python-openstackclient
yum install openstack-selinux
Note: if you get an error such as "Package does not match intended download", run yum clean all, or download the rpm package and install it directly.
Reference download location: http://ftp.usf.edu/pub/centos/7/cloud/x86_64/openstack-kilo/common/
SQL database
Install
yum install mariadb mariadb-server python2-PyMySQL
Create the configuration file /etc/my.cnf.d/openstack.cnf with the following content
[mysqld]
# Bind to the controller's management IP (10.0.0.101 in the plan above)
bind-address = 10.0.0.101
# Storage engine, character set, etc.
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8
Enable at boot, and start
systemctl enable mariadb.service
systemctl start mariadb.service
Initialize the database, set the root password and so on, as follows
mysql_secure_installation
Enter current password for root (enter for none):[Enter]
Set root password? [Y/n] Y
New password: openstack
Re-enter new password:openstack
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Message queue: RabbitMQ
Install
yum install rabbitmq-server
Enable at boot, and start
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
Add the openstack user
rabbitmqctl add_user openstack RABBIT_PASS
Set the permissions of the openstack user; in order they are write, read, access
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
NoSQL: MongoDB
Install
yum install mongodb-server mongodb
Edit the configuration file /etc/mongod.conf
# Bind to the controller's management IP (10.0.0.101 in the plan above)
bind_ip = 10.0.0.101
# smallfiles = true is optional
smallfiles = true
Enable at boot, and start
# systemctl enable mongod.service
# systemctl start mongod.service
Memcached
Install
# yum install memcached python-memcached
Enable at boot, and start
# systemctl enable memcached.service
# systemctl start memcached.service
At this point the software environment for the whole OpenStack framework is basically done; next come the individual components.
Installing the components is interesting: apart from Keystone, the steps are nearly identical, and the only difference is the name given when creating things. The general steps are as follows.
1) Configure the database
create database xxx;
GRANT ALL PRIVILEGES ON xxx.* TO 'xxx'@'localhost' \
  IDENTIFIED BY 'XXX_DBPASS';
GRANT ALL PRIVILEGES ON xxx.* TO 'xxx'@'%' \
  IDENTIFIED BY 'XXX_DBPASS';
2) Install
yum install xxx
3) Configuration files
Configure each service's connections, such as the database, RabbitMQ, etc.
Authentication configuration
Service-specific configuration
4) Database sync
Create the required tables
5) Enable at boot, and start
# systemctl enable openstack-xxx.service
# systemctl start openstack-xxx.service
6) Create the user, service, endpoints, etc.
openstack user create xxx
openstack service create xxx
openstack endpoint create xxx
7) Verify that the service works
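Step 1 of this pattern as an added example (not part of the original notes and not an OpenStack tool): a shell helper that generates a random value for each *_DBPASS placeholder, keeps it in a mode-0600 file, and prints the CREATE DATABASE and GRANT statements for one service. The function names, the secrets file layout and the client-host pattern 10.0.0.% (the management network planned above) are assumptions of this example.

```bash
#!/bin/sh
# Added example: per-service database bootstrap for step 1 of the pattern.
# Function names and the secrets-file layout are assumptions of this example.

# 32 hex characters from the kernel CSPRNG (the same idea as the
# "openssl rand -hex 10" this guide uses for ADMIN_TOKEN).
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# secrets_init FILE NAME...
# Ensure FILE (mode 0600) holds NAME=<random> for every placeholder NAME.
# Existing entries are kept, so re-running never rotates a password in use.
# The body is a subshell, so variables, umask and "exit" stay local.
secrets_init() (
    file=$1; shift
    umask 077
    [ -f "$file" ] || : > "$file" || exit 1
    chmod 600 "$file" || exit 1
    for name in "$@"; do
        case $name in
            ''|*[!A-Z0-9_]*) echo "bad placeholder name: $name" >&2; exit 1 ;;
        esac
        grep -q "^$name=" "$file" && continue
        printf '%s=%s\n' "$name" "$(gen_secret)" >> "$file" || exit 1
    done
)

# secret_get FILE NAME -> prints the stored value
secret_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# service_db_sql DB PASSWORD [CLIENT_HOST] [USER]
# Print the SQL for one service database. CLIENT_HOST defaults to '%' as in
# this guide; a pattern such as 10.0.0.% limits remote logins to one network.
# USER defaults to DB (nova_api is the case where they differ: user nova).
service_db_sql() (
    db=$1 pass=$2 host=${3:-%} user=${4:-$1}
    for id in "$db" "$user"; do
        case $id in
            ''|*[!a-z0-9_]*) echo "bad database/user name: $id" >&2; exit 1 ;;
        esac
    done
    case $pass in
        ''|*[!A-Za-z0-9]*) echo "password must be alphanumeric" >&2; exit 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.%_-]*) echo "bad client host: $host" >&2; exit 1 ;;
    esac
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
    for h in localhost "$host"; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$db" "$user" "$h" "$pass"
    done
)

# Demo with a throwaway secrets file; on a real controller the file would be
# kept and the SQL piped into "mysql -u root -p".
demo_dir=$(mktemp -d)
secrets_init "$demo_dir/secrets" KEYSTONE_DBPASS GLANCE_DBPASS
service_db_sql keystone "$(secret_get "$demo_dir/secrets" KEYSTONE_DBPASS)" '10.0.0.%'
rm -rf "$demo_dir"
```

The same stored value then goes into the connection = mysql+pymysql://... line of the service's configuration file in step 3.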
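Note: back up each configuration file before editing it. To avoid unnecessary length, the way configuration edits are written in these notes is explained here.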
[DEFAULT]
...
admin_token = ADMIN_TOKEN
The above means: add the line admin_token = ADMIN_TOKEN to the [DEFAULT] section.
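The editing convention just described, as an added example (not part of the original notes and not an OpenStack tool): a shell function that applies one "[SECTION] ... KEY = VALUE" edit idempotently and keeps the backup recommended above. The name ini_set and the .orig backup suffix are assumptions of this example; the sample file is constructed.

```bash
#!/bin/sh
# Added example: apply one "[SECTION] ... KEY = VALUE" edit from this guide.
# ini_set is a name chosen for this example; it is not an OpenStack tool.

# ini_set FILE SECTION KEY VALUE
#  - replaces KEY inside [SECTION] if it is already set there,
#  - otherwise appends it at the end of [SECTION],
#  - creates [SECTION] at the end of the file if it does not exist.
# The first edit leaves a pristine copy in FILE.orig. The function body is a
# subshell, so its variables and "exit" stay local to the call.
ini_set() (
    file=$1 section=$2 key=$3 value=$4
    [ -f "$file" ] || { echo "ini_set: no such file: $file" >&2; exit 1; }
    [ -f "$file.orig" ] || cp -p "$file" "$file.orig" || exit 1
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    # Values travel through the environment: awk -v would rewrite backslashes.
    INI_SECTION=$section INI_KEY=$key INI_VALUE=$value awk '
        function emit() { print key " = " value; done = 1 }
        function flush_blanks(   i) {
            for (i = 0; i < blanks; i++) print ""
            blanks = 0
        }
        BEGIN {
            section = ENVIRON["INI_SECTION"]
            key = ENVIRON["INI_KEY"]
            value = ENVIRON["INI_VALUE"]
        }
        /^\[.*\]/ {                       # a section header
            if (in_sec && !done) emit()   # key was absent: add before leaving
            flush_blanks()
            in_sec = ($0 == "[" section "]")
            print
            next
        }
        in_sec && !done && /^[ \t]*$/ { blanks++; next }   # hold blank lines back
        in_sec && !done {
            flush_blanks()
            name = $0
            sub(/=.*/, "", name)          # text before the first "="
            gsub(/[ \t]/, "", name)
            if (index($0, "=") && name == key) { emit(); next }
        }
        { print }
        END {
            if (!done) {
                if (!in_sec) { print ""; print "[" section "]" }
                emit()
            }
            flush_blanks()
        }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# Demo on a constructed sample file (not a real keystone.conf).
demo_conf=$(mktemp)
printf '%s\n' '[DEFAULT]' '#admin_token = <None>' '' '[database]' > "$demo_conf"
ini_set "$demo_conf" DEFAULT admin_token CONSTRUCTED_TOKEN
ini_set "$demo_conf" token provider fernet
cat "$demo_conf"
rm -f "$demo_conf" "$demo_conf.orig"
```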
Installing the components
Identity service: Keystone
Configure the database
$ mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
Install
# yum install openstack-keystone httpd mod_wsgi
Configuration file /etc/keystone/keystone.conf
Admin token
[DEFAULT]
...
admin_token = ADMIN_TOKEN
Database
[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
Token provider
[token]
...
provider = fernet
Note: the ADMIN_TOKEN above can be generated with the command openssl rand -hex 10, or you can enter a custom string.
Database sync
# su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet keys.
For how tokens are generated, see: http://blog.csdn.net/miss_yang_cloud/article/details/49633719
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Configure Apache
Edit /etc/httpd/conf/httpd.conf
Change the following
ServerName controller
Create the configuration file /etc/httpd/conf.d/wsgi-keystone.conf with the following content
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
Enable at boot, and start
# systemctl enable httpd.service
# systemctl start httpd.service
Create the service and API endpoints
To avoid unnecessary length, put the admin token and the endpoint URL into environment variables.
$ export OS_TOKEN=ADMIN_TOKEN
$ export OS_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3
Create the service
$ openstack service create \
  --name keystone --description "OpenStack Identity" identity
Create the endpoints: public, internal and admin in turn
$ openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3
Create the domain, project, user and role
Create the domain
openstack domain create --description "Default Domain" default
Create the admin project
openstack project create --domain default \
  --description "Admin Project" admin
Create the admin user
openstack user create --domain default \
  --password-prompt admin
Create the admin role
openstack role create admin
Add the admin role to the admin project
openstack role add --project admin --user admin admin
Create the service project
openstack project create --domain default \
  --description "Service Project" service
Create the demo project
openstack project create --domain default \
  --description "Demo Project" demo
Create the demo user
openstack user create --domain default \
  --password-prompt demo
Create the user role
openstack role create user
Add the user role to the demo project
openstack role add --project demo --user demo user
Note: remember the passwords you set when creating the users.
Verify the admin user
unset OS_TOKEN OS_URL
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
Verify the demo user
$ openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+
If output in the format above is returned, the verification has passed.
Environment variable scripts for the admin and demo users
Normally the os-xxxx parameters are of course kept in environment variables. To switch quickly between the admin and demo users, create environment scripts.
Create admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Create demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Verify admin again
First run . admin-openrc
$ openstack token issue
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:44:35.659723Z |
| id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h4fIagi5NoEmh31U72SrRv2trl |
| | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
| | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
Image service: Glance
Configure the database
$ mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
Create the service, user and role
$ . admin-openrc
$ openstack user create --domain default --password-prompt glance
$ openstack role add --project service --user glance admin
Create the endpoints: public, internal and admin in turn
$ openstack service create --name glance \
  --description "OpenStack Image" image
$ openstack endpoint create --region RegionOne \
  image public http://controller:9292
$ openstack endpoint create --region RegionOne \
  image internal http://controller:9292
$ openstack endpoint create --region RegionOne \
  image admin http://controller:9292
Install
# yum install openstack-glance
Configuration file /etc/glance/glance-api.conf
Database
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
Keystone authentication
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone
Glance storage
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Configuration file /etc/glance/glance-registry.conf
Database
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
Keystone authentication
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone
Sync the database
# su -s /bin/sh -c "glance-manage db_sync" glance
Start
# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
Verification
$ . admin-openrc
Download the CirrOS image
$ wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Create the image
$ openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
If running the following command shows the output below, it succeeded
$ openstack image list
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros |
+--------------------------------------+--------+
Compute service: Nova
Controller node
Database
$ mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
Create the service, user and role
$ . admin-openrc
$ openstack user create --domain default \
  --password-prompt nova
$ openstack role add --project service --user nova admin
$ openstack service create --name nova \
  --description "OpenStack Compute" compute
Create the endpoints: public, internal and admin in turn
$ openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s
Install
# yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler
Configuration file /etc/nova/nova.conf
Enabled APIs
[DEFAULT]
...
enabled_apis = osapi_compute,metadata
[api_database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
Database
[database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
RabbitMQ queue
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Keystone authentication
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
Bind IP
[DEFAULT]
...
my_ip = 10.0.0.101
Neutron support
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
VNC configuration
[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
Glance configuration
[glance]
...
api_servers = http://controller:9292
Concurrency lock
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
Sync the databases
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova
Start
# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
Compute node
Install
# yum install openstack-nova-compute
Configuration file /etc/nova/nova.conf
RabbitMQ queue
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Keystone authentication
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
Bind IP
[DEFAULT]
...
my_ip = 10.0.0.102
Neutron support
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Configure VNC
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
Configure Glance
[glance]
...
api_servers = http://controller:9292
Concurrency lock
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
Virtualization driver
[libvirt]
...
virt_type = qemu
Start
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
Verification
$ . admin-openrc
$ openstack compute service list
+----+--------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+--------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
| 2 | nova-scheduler | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
| 3 | nova-conductor | controller | internal | enabled | up | 2016-02-09T23:11:16.000000 |
| 4 | nova-compute | compute1 | nova | enabled | up | 2016-02-09T23:11:20.000000 |
+----+--------------------+------------+----------+---------+-------+----------------------------+
Networking service: Neutron
Controller node
Database
$ mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
Create the service, user and role
$ . admin-openrc
$ openstack user create --domain default --password-prompt neutron
$ openstack role add --project service --user neutron admin
$ openstack service create --name neutron \
  --description "OpenStack Networking" network
Create the endpoints: public, internal and admin in turn
$ openstack endpoint create --region RegionOne \
  network public http://controller:9696
$ openstack endpoint create --region RegionOne \
  network internal http://controller:9696
$ openstack endpoint create --region RegionOne \
  network admin http://controller:9696
Configure provider networks
Reference: http://docs.openstack.org/mitaka/install-guide-rdo/neutron-controller-install-option1.html
Install
# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables
Configuration file /etc/neutron/neutron.conf
Database
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Enable the layer-2 (ML2) plug-in and disable the other plug-ins
[DEFAULT]
...
core_plugin = ml2
service_plugins =
RabbitMQ queue
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Keystone authentication
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Concurrency lock
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
Drivers
[ml2]
...
type_drivers = flat,vlan
Disable self-service networks
[ml2]
...
tenant_network_types =
Enable the Linux bridge mechanism
[ml2]
...
mechanism_drivers = linuxbridge
Port security extension
[ml2]
...
extension_drivers = port_security
Flat network
[ml2_type_flat]
...
flat_networks = provider
Enable ipset
[securitygroup]
...
enable_ipset = True
Configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Note: PROVIDER_INTERFACE_NAME is the network interface, for example eth1.
Configuration file /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
Configuration file /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
Configuration file /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
Symbolic link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Database sync
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart nova-api
systemctl restart openstack-nova-api.service
Start
# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
Compute node
Install
yum install openstack-neutron-linuxbridge ebtables
Configuration file /etc/neutron/neutron.conf
RabbitMQ queue
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Keystone authentication
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Concurrency lock
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configuration file /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
Restart nova-compute
# systemctl restart openstack-nova-compute.service
Start
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
Verification
$ . admin-openrc
$ neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
............
Dashboard: Horizon
Note: this must be installed on the controller node
Install
# yum install openstack-dashboard
Configuration file /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
Start
# systemctl restart httpd.service memcached.service
Verification
Visit http://controller/dashboard
Block storage: Cinder
Database
$ mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'CINDER_DBPASS';
Create the service, user and role
$ . admin-openrc
$ openstack user create --domain default --password-prompt cinder
$ openstack role add --project service --user cinder admin
Note: two services are created here
$ openstack service create --name cinder \
  --description "OpenStack Block Storage" volume
$ openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2
Create the endpoints: public, internal and admin in turn
$ openstack endpoint create --region RegionOne \
  volume public http://controller:8776/v1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  volume internal http://controller:8776/v1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  volume admin http://controller:8776/v1/%\(tenant_id\)s
Note: each service has three endpoints
$ openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
Install
Controller node
# yum install openstack-cinder
Configuration file /etc/cinder/cinder.conf
Database
[database]
...
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
RabbitMQ queue
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Keystone authentication
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
Bind IP (the controller's management IP, 10.0.0.101 in the plan above)
[DEFAULT]
...
my_ip = 10.0.0.101
Concurrency lock
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
Sync the database
# su -s /bin/sh -c "cinder-manage db sync" cinder
Configuration file /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
Restart nova-api
# systemctl restart openstack-nova-api.service
Start
# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
Other nodes; a disk can be added to the compute node for this
Note: an additional disk is required
Install
# yum install lvm2
# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service
Create the LVM volumes
# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
# vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
Configuration file /etc/lvm/lvm.conf
devices {
...
filter = [ "a/sdb/", "r/.*/"]
Note: a newly added disk is usually sdb. If there are also sdc, sde and so on, use filter = [ "a/sdb/", "a/sdc/", "a/sde/", "r/.*/"], and so on.
Install
# yum install openstack-cinder targetcli
Configuration file /etc/cinder/cinder.conf
Database
[database]
...
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
RabbitMQ queue
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Keystone authentication
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
Bind IP
[DEFAULT]
...
my_ip = 10.0.0.102
Add the [lvm] section and its contents
[lvm]
...
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
Enable the lvm back end
[DEFAULT]
...
enabled_backends = lvm
Configure the Glance API
[DEFAULT]
...
glance_api_servers = http://controller:9292
Concurrency lock
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
Start
# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service
Verification
$ . admin-openrc
$ cinder service-list
+------------------+------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller | nova | enabled | up | 2014-10-18T01:30:54.000000 | None |
| cinder-volume | block1@lvm | nova | enabled | up | 2014-10-18T01:30:57.000000 | None |
With that, basically all of the installation is complete. On the dashboard you can first create a network as the admin user and then launch a new instance.
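A post-install check, as an added example (not part of the original notes and not an OpenStack tool): the snippets above use documentation placeholders such as RABBIT_PASS, NOVA_DBPASS and ADMIN_TOKEN, set ALLOWED_HOSTS to '*', and bootstrap Keystone with admin_token, whose admin_token_auth filter the upstream Mitaka guide removes from the pipelines in /etc/keystone/keystone-paste.ini once bootstrapping is done. The function name audit_conf, the file-name patterns it scans and the sample tree are assumptions of this example.

```bash
#!/bin/sh
# Added example: scan a config tree for settings this guide leaves behind.
# audit_conf is a name chosen for this example.

# audit_conf DIR
# Prints "file:line: finding" for every hit.
# Exit status: 0 = clean, 1 = findings, 2 = DIR is not a directory.
audit_conf() (
    dir=$1
    [ -d "$dir" ] || { echo "audit_conf: not a directory: $dir" >&2; exit 2; }
    out=$(find "$dir" -type f \( -name '*.conf' -o -name '*.ini' -o -name '*.cnf' \
              -o -name '*-openrc' -o -name local_settings \) -exec awk '
        /^[ \t]*[#;]/ { next }   # commented-out lines are not active settings
        { line = " " $0 " " }    # padding lets the patterns demand a non-word neighbour
        # Documentation placeholders used as real credentials
        line ~ /[^A-Za-z0-9_](ADMIN_TOKEN|METADATA_SECRET|[A-Z]+_(DB)?PASS)[^A-Za-z0-9_]/ {
            print FILENAME ":" FNR ": placeholder credential not replaced"
        }
        # keystone-paste.ini: the bootstrap token filter is still active
        /^[ \t]*pipeline[ \t]*=/ && line ~ /[ \t=]admin_token_auth[ \t]/ {
            print FILENAME ":" FNR ": admin_token_auth still in paste pipeline"
        }
        # Horizon local_settings: a bare "*" entry accepts any Host header
        /^[ \t]*ALLOWED_HOSTS[ \t]*=.*[^A-Za-z0-9.]\*[^A-Za-z0-9.]/ {
            print FILENAME ":" FNR ": ALLOWED_HOSTS contains wildcard *"
        }
    ' {} +)
    [ -z "$out" ] && exit 0
    printf '%s\n' "$out"
    exit 1
)

# Demo on a constructed tree (sample content, not taken from a real host).
demo=$(mktemp -d)
mkdir -p "$demo/nova" "$demo/keystone"
printf '%s\n' '[oslo_messaging_rabbit]' 'rabbit_userid = openstack' \
    'rabbit_password = RABBIT_PASS' > "$demo/nova/nova.conf"
printf '%s\n' '[pipeline:api_v3]' \
    'pipeline = cors sizelimit admin_token_auth token_auth service_v3' \
    > "$demo/keystone/keystone-paste.ini"
audit_conf "$demo" || echo "findings above need fixing before real use"
rm -rf "$demo"
```

On a deployed node the directory to pass is /etc, plus wherever admin-openrc and demo-openrc were saved.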
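Postscript: installing the whole stack by hand is a bit over the top (and this was still using yum), but you should do it manually like this at least once; the rest of the time, use scripts or installation tools. All the copying and pasting has made my eyes blur.
Other components will get a separate article. It is worth noting that the official documentation is the best documentation.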