OpenStack All in One

jopen, 10 years ago

System environment: ubuntu-server-14.04

Network environment: VMware NAT, eth0 192.168.149.130

Passwords: for ease of management, all service passwords are set to openstack



1. Database

a) Install

# apt-get install python-mysqldb mysql-server

b) Configure

Edit /etc/mysql/my.cnf

[mysqld]
…
bind-address = 127.0.0.1            # all IP addresses use the local host
default-storage-engine = innodb     # set the default storage engine to InnoDB
innodb_file_per_table
collation-server = utf8_general_ci  # set the encoding
init-connect = 'SET NAMES utf8'
character-set-server = utf8

c) Restart the mysql service, initialize the database in secure mode, and remove the anonymous users

# service mysql restart
# mysql_secure_installation
or
# mysql_install_db

2. Package configuration

a) Install the OpenStack Havana Ubuntu Cloud Archive

# apt-get install python-software-properties
# add-apt-repository cloud-archive:Havana

b) Update the package database and upgrade the system

# apt-get update && apt-get dist-upgrade
# reboot

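3. Messaging service

The messaging service uses rabbitmq

# apt-get install rabbitmq-server

Note: rabbitmq ships with a default guest user and a default guest password. Change the guest user's password here, because the rabbitmq password is needed later when configuring the nova service.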

# rabbitmqctl change_password guest openstack

4. Keystone identity service

a) Install

# apt-get install keystone

b) Configure

    1) Change the database connection: edit the configuration file /etc/keystone/keystone.conf

...
[sql]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:openstack@127.0.0.1/keystone
...

    2) Delete the database that was created by default

# rm -f /var/lib/keystone/keystone.db

    3) Create the database

# mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'openstack';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'openstack';

    4) Create the tables

# keystone-manage db_sync

    5) Create a random token to use when connecting to the identity service

# openssl rand -hex 10 > /root/token      # it is needed again later, so save it

Edit /etc/keystone/keystone.conf

[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
...

    6) Restart the service

# service keystone restart

c) Create tenants, users, and roles

Before any user has been created, we must authenticate with the token. The token can be set as an environment variable, or passed with the --os-token option when running the keystone command.

Here it is set as environment variables:

# export OS_SERVICE_TOKEN=ADMIN_TOKEN
# export OS_SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

    1) Create the tenants admin and service

# keystone tenant-create --name=admin --description="Admin Tenant"

# keystone tenant-create --name=service --description="Service Tenant"

    2) Create the user admin

# keystone user-create --name=admin --pass=openstack --email=admin@localhost


    3) Create the role admin

# keystone role-create --name=admin

    4) Associate the user, tenant, and role

# keystone user-role-add --user=admin --tenant=admin --role=admin

d) Create the service and the endpoint

    1) Create the keystone service, of type identity (authentication)

# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

    2) Use the service id returned above to create the endpoint for the service

# keystone endpoint-create \
  --service-id=the_service_id_above \
  --publicurl=http://127.0.0.1:5000/v2.0 \
  --internalurl=http://127.0.0.1:5000/v2.0 \
  --adminurl=http://127.0.0.1:35357/v2.0

e) Verify the keystone service

The admin user now exists, so the keystone service can be accessed as the admin user

$ unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
$ keystone --os-username=admin --os-password=openstack --os-auth-url=http://127.0.0.1:35357/v2.0 token-get

To avoid entering the username and password every time, save them as environment variables. Edit /root/keystone.sh

export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://127.0.0.1:35357/v2.0

After that, running # source keystone.sh is enough to connect to keystone

5. Image service: glance

a) Install

# apt-get install glance python-glanceclient

b) Configure

    1) Set the database connection

Edit the configuration files /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf

...
[DEFAULT]
...
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = mysql://glance:openstack@127.0.0.1/glance
...

    2) Create the database

# mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'openstack';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'openstack';

    3) Create the tables

# glance-manage db_sync

    4) Create the glance user and associate it with a role

# keystone user-create --name=glance --pass=openstack --email=glance@localhost

# keystone user-role-add --user=glance --tenant=service --role=admin

    5) Configure the glance services to authenticate through keystone

Edit the files /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf

[keystone_authtoken]
...
auth_uri = http://127.0.0.1:5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = openstack
...
[paste_deploy]
...
flavor = keystone

    6) Add the credentials to the files /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini

[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=127.0.0.1
admin_user=glance
admin_tenant_name=service
admin_password=openstack

    7) Register the image service

# keystone service-create --name=glance --type=image --description="Glance Image Service"

    8) Use the service id returned above to create the endpoint

# keystone endpoint-create \
  --service-id=the_service_id_above \
  --publicurl=http://127.0.0.1:9292 \
  --internalurl=http://127.0.0.1:9292 \
  --adminurl=http://127.0.0.1:9292

    9) Restart the image services

# service glance-registry restart
# service glance-api restart

c) Create an image

The CirrOS image is a commonly used qcow2 image. Download the image and upload it to the glance server

$ mkdir images
$ cd images/
$ wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img

To list the uploaded images, use

# glance image-list

6. Compute service

a) Install the compute service packages

# apt-get install nova-novncproxy novnc nova-api nova-ajax-console-proxy nova-cert nova-conductor nova-consoleauth nova-doc nova-scheduler python-novaclient
# apt-get install nova-compute-kvm python-guestfs

Fix the kernel bug

# dpkg-statoverride --update --add root root 0644 /boot/vmlinuz-$(uname -r)
# vim /etc/kernel/postinst.d/statoverride

#!/bin/sh
version="$1"
# passing the kernel version is required
[ -z "${version}" ] && exit 0
dpkg-statoverride --update --add root root 0644 /boot/vmlinuz-${version}

# chmod +x /etc/kernel/postinst.d/statoverride

b) Configure

    1) Configure the database

Edit the configuration file /etc/nova/nova.conf

...
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://nova:openstack@127.0.0.1/nova
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = openstack

    2) Configure the compute service to pass messages over the rabbitmq message queue

Edit the configuration file /etc/nova/nova.conf

...
[DEFAULT]
rpc_backend = nova.rpc.impl_kombu
rabbit_host = 127.0.0.1
# if the rabbitmq password was not changed, use the default guest password
rabbit_password = openstack
...

    3) Create the database

# mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'openstack';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'openstack';

    4) Create the tables

# nova-manage db sync

    5) Enable remote access support

Edit the configuration file /etc/nova/nova.conf

...
[DEFAULT]
...
my_ip=127.0.0.1
vnc_enabled=True
vncserver_listen=127.0.0.1
vncserver_proxyclient_address=127.0.0.1
novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html

    6) Create the nova user

# keystone user-create --name=nova --pass=openstack --email=nova@localhost

# keystone user-role-add --user=nova --tenant=service --role=admin

    7) Configure nova to authenticate through keystone and configure the glance service

Edit the configuration file /etc/nova/nova.conf

[DEFAULT]
...
auth_strategy=keystone
glance_host=127.0.0.1

    8) Add the credentials to the file /etc/nova/api-paste.ini

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = openstack

    9) Create the compute service and endpoint

keystone service-create --name=nova --type=compute --description="Nova Compute service"

# keystone endpoint-create --service-id=the_service_id_above \
  --publicurl=http://127.0.0.1:8774/v2/%\(tenant_id\)s \
  --internalurl=http://127.0.0.1:8774/v2/%\(tenant_id\)s \
  --adminurl=http://127.0.0.1:8774/v2/%\(tenant_id\)s

    10) Restart the compute services

# service nova-api restart
# service nova-cert restart
# service nova-consoleauth restart
# service nova-scheduler restart
# service nova-conductor restart
# service nova-novncproxy restart
# service nova-compute restart

    11) Configure networking

# apt-get install nova-network nova-api-metadata

Edit the configuration file /etc/nova/nova.conf

[DEFAULT]
...
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = br100
flat_interface = eth1
public_interface = eth1

Restart the service

# service nova-network restart

Note: after the network service has been installed, the nova-api package must be installed again, otherwise the nova-api service will not start

# apt-get install nova-api

Create the virtual network that is assigned to virtual machine instances

# nova network-create vmnet --fixed-range-v4=10.0.0.0/24 --bridge=br100 --multi-host=T
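
An added example, not part of the original post: an audit pass over the kind of settings written into keystone.conf and nova.conf above. It flags the shared password openstack, the ADMIN_TOKEN placeholder, an inline comment that ends up inside a secret value, and http token traffic to a non-loopback keystone host. The sample text, the WEAK list and the function name audit are assumptions made for the example.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: keystone/nova settings in the style of this guide, merged into one file.
SAMPLE = """\
[DEFAULT]
admin_token = ADMIN_TOKEN
rabbit_host = 127.0.0.1
rabbit_password = openstack   # default guest password
[database]
connection = mysql://nova:openstack@127.0.0.1/nova
[keystone_authtoken]
auth_host = 127.0.0.1
auth_protocol = http
admin_user = nova
admin_password = openstack
"""

WEAK = {"openstack", "guest", "ADMIN_TOKEN"}   # assumed deny-list for this lab setup
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit(text):
    """Return sorted (section, option, finding) tuples for an INI configuration text."""
    # default_section is renamed so that [DEFAULT] is read as an ordinary section.
    cp = configparser.RawConfigParser(default_section="__none__", strict=False)
    cp.read_string(text)
    findings, users = [], defaultdict(list)
    for section in cp.sections():
        opts = dict(cp.items(section))
        for opt, val in opts.items():
            secret = None
            if opt.endswith(("password", "token")):
                secret = val
                if " #" in val:   # only full-line comments are comments in this format
                    findings.append((section, opt, "inline comment is part of the value"))
                    secret = val.split(" #")[0].strip()
            elif opt.endswith("connection"):
                secret = urlsplit(val).password   # password embedded in the DB URL
            if secret:
                users[secret].append((section, opt))
                if secret in WEAK:
                    findings.append((section, opt, "default or placeholder secret"))
        # An unset auth_host is treated as local (assumption of this example).
        if opts.get("auth_protocol") == "http" and opts.get("auth_host", "localhost") not in LOOPBACK:
            findings.append((section, "auth_protocol", "token traffic leaves the host unencrypted"))
    for secret, where in users.items():
        for section, opt in where if len(where) > 1 else []:
            findings.append((section, opt, "secret shared by %d options" % len(where)))
    return sorted(findings)
```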

7. Launch an instance

a) Configure authentication

$ ssh-keygen
$ cd .ssh
$ nova keypair-add --pub_key id_rsa.pub mykey

b) Add the ssh and ping rules

# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

c) List the images

$ nova image-list

d) List the flavors

$ nova flavor-list

e) Create a virtual machine instance

$ nova boot --flavor 1 --key_name mykey --image IMAGE_ID --security_group default cirrOS

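f) List the instances

$ nova list

g) Connect to the instance

$ ssh cirros@10.0.0.3

h) VNC connection

Run # nova get-vnc-console cirrOS novnc on the command line. nova returns a VNC connection URL; paste this URL into the browser address bar to access the virtual machine over VNC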

8. Install the dashboard

First install the apache-httpd server

# apt-get install apache2

Then install the dashboard

# apt-get install memcached libapache2-mod-wsgi openstack-dashboard

Once the dashboard is installed, it can be accessed with the default configuration


Note: kvm does not support nested virtualization. The default hypervisor used by openstack is kvm, so the configuration file /etc/nova/nova-compute must be edited

compute_driver=libvirt.LibvirtDriver
libvirt_type=kvm

Change kvm to qemu

Source: http://my.oschina.net/JerryBaby/blog/301407