install-openstack-folsom-with-nova-network

Source: Internet  Editor: 程序博客网  Time: 2024/06/16 05:45

OpenStack Folsom Installation

http://wiki.stacklab.org/doku.php?id=stacklab:documentation:install-openstack-folsom-with-nova-network

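This article describes how to install OpenStack Folsom. Because Quantum is not yet mature in the Folsom release, nova-network is used instead.
nova-network runs in FlatDHCP + Multihost mode, and every server has two network cards: eth0 carries the public network and the management network, eth1 carries the VM network.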

Node name  | Role         | eth0           | eth1 | Services
control-01 | Control node | 192.168.56.101 |      | keystone, glance, cinder, nova-api, nova-scheduler
compute-01 | Compute node | 192.168.56.111 |      | nova-compute, nova-network, nova-api-metadata
compute-02 | Compute node | 192.168.56.112 |      | nova-compute, nova-network, nova-api-metadata
compute-03 | Compute node | 192.168.56.113 |      | nova-compute, nova-network, nova-api-metadata

This environment plans 256 fixed IPs in the 10.0.0.0/24 range, and 128 floating IPs in the 192.168.56.128/25 range.

All nodes

Operating system

The operating system is ubuntu-12.04.1-server-amd64; download address: download

Network settings

Edit /etc/network/interfaces:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
# Each server has its own IP address
address 192.168.56.101
netmask 255.255.255.0
gateway 192.168.56.1
dns-nameservers 8.8.8.8
auto eth1
iface eth1 inet manual
up ifconfig eth1 up

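Folsom was released in October 2012 and is already available in the official Ubuntu 12.04 archive. You need to add the source manually.
Add the following two lines to "/etc/apt/sources.list":

deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/folsom main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main

Update the package index: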

#apt-get update

Hostname settings

Edit /etc/hostname (the hostname is different on each node):

#cat /etc/hostname
control-01

Edit /etc/hosts and add:

192.168.56.101  control-01
192.168.56.111  compute-01
192.168.56.112  compute-02
192.168.56.113  compute-03

mysql and rabbitmq

Install mysql and set the mysql password to "root":

#apt-get install mysql-server python-mysqldb

Configure mysql to accept requests from any node:

#sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
#service mysql restart

Install rabbitmq:

#apt-get install rabbitmq-server

NTP

Install NTP:

#apt-get install ntp
#sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
#service ntp restart

Other

Control node

Install the OpenStack components

#os_keystone="keystone python-keystone python-keystoneclient"
#os_glance="glance glance-api python-glanceclient glance-common"
#os_nova="nova-api nova-cert nova-common nova-scheduler python-nova python-novaclient nova-consoleauth novnc nova-novncproxy"
#os_horizon="apache2 libapache2-mod-wsgi openstack-dashboard memcached python-memcache"
#os_cinder="cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms python-cinderclient"
#apt-get install $os_keystone $os_glance $os_nova $os_horizon $os_cinder

Databases for each service

Databases have to be created for keystone, nova, cinder and glance, and privileges granted on them. For simplicity, the user name and password of every database are set to 'openstack' here; you can of course use other strings.

#mysql -uroot -proot
mysql> CREATE DATABASE keystone;
mysql> CREATE DATABASE nova;
mysql> CREATE DATABASE cinder;
mysql> CREATE DATABASE glance;
mysql> GRANT ALL ON keystone.* TO openstack@'%' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON nova.* TO openstack@'%' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON cinder.* TO openstack@'%' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON glance.* TO openstack@'%' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON keystone.* TO openstack@'192.168.56.101' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON nova.* TO openstack@'192.168.56.101' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON nova.* TO openstack@'192.168.56.111' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON nova.* TO openstack@'192.168.56.112' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON nova.* TO openstack@'192.168.56.113' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON cinder.* TO openstack@'192.168.56.101' IDENTIFIED BY 'openstack';
mysql> GRANT ALL ON glance.* TO openstack@'192.168.56.101' IDENTIFIED BY 'openstack';
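
With mysql listening on 0.0.0.0, the openstack@'%' grants above match any client address, so the per-node grants that follow them restrict nothing. The check below is an added example, not part of the original guide: it reads user/host rows and reports accounts that use a wildcard host or a host outside the node plan. The function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit MySQL account hosts against this guide's node plan.
# Input on stdin: "user<TAB>host" rows, as printed by
#   mysql -uroot -p -ss -e "SELECT user, host FROM mysql.user"
# The allow-list is built from the node table of this guide plus loopback.
ALLOWED_HOSTS="localhost 127.0.0.1 192.168.56.101 192.168.56.111 192.168.56.112 192.168.56.113"
TAB=$(printf '\t')

# audit_grants: prints one finding per line, nothing when all accounts are pinned.
#   WILDCARD  user@host -> host pattern contains %, so any client address matches
#   UNPLANNED user@host -> literal host that is not a planned node
audit_grants() {
    while IFS="$TAB" read -r user host; do
        [ -n "$user" ] || continue
        case "$host" in
            *%*) echo "WILDCARD ${user}@${host}"; continue ;;
        esac
        case " $ALLOWED_HOSTS " in
            *" $host "*) ;;
            *) echo "UNPLANNED ${user}@${host}" ;;
        esac
    done
}

# Constructed sample: the accounts the GRANT statements above create, plus one
# extra row (192.168.56.200) invented to show the UNPLANNED case.
sample_rows() {
    printf 'root\tlocalhost\n'
    printf 'openstack\t%%\n'
    printf 'openstack\t192.168.56.101\n'
    printf 'openstack\t192.168.56.111\n'
    printf 'openstack\t192.168.56.112\n'
    printf 'openstack\t192.168.56.113\n'
    printf 'openstack\t192.168.56.200\n'
}

sample_rows | audit_grants
```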

keystone

Edit /etc/keystone/keystone.conf so that keystone can reach the database:

connection = mysql://openstack:openstack@192.168.56.101/keystone

Restart the service and initialize the database:

#service keystone restart
#keystone-manage db_sync

Run the keystone_basic.sh script to create the basic users, tenants and roles. The keystone_basic.sh script is shown below:

#!/bin/sh
#
# Keystone basic configuration
# Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
# Node IP address
HOST_IP=192.168.56.101
ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin_pass}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service_pass}
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
# Run the given keystone command and print the id column of its output
get_id () {
    echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com)
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE

Run the keystone_endpoints_basic.sh script to create the endpoints. The keystone_endpoints_basic.sh script is shown below:

#!/bin/sh
#
# Keystone basic Endpoints
# Mainly inspired by https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
# Modified by Bilel Msekni / Institut Telecom
#
# Support: openstack@lists.launchpad.net
# License: Apache Software License (ASL) 2.0
#
# Host address
# Node management-network IP address
HOST_IP=192.168.56.101
# Node public-network IP address
EXT_HOST_IP=192.168.56.101
# MySQL definitions
# These defaults differ from the keystone database account created earlier
# (openstack/openstack); override them with -u and -p when running the script.
MYSQL_USER=Pranav
MYSQL_DATABASE=keystone
MYSQL_HOST=$HOST_IP
MYSQL_PASSWORD=cloud
# Keystone definitions
KEYSTONE_REGION=RegionOne
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
while getopts "u:D:p:m:K:R:E:T:vh" opt; do
  case $opt in
    u)
      MYSQL_USER=$OPTARG
      ;;
    D)
      MYSQL_DATABASE=$OPTARG
      ;;
    p)
      MYSQL_PASSWORD=$OPTARG
      ;;
    m)
      MYSQL_HOST=$OPTARG
      ;;
    K)
      MASTER=$OPTARG
      ;;
    R)
      KEYSTONE_REGION=$OPTARG
      ;;
    E)
      export SERVICE_ENDPOINT=$OPTARG
      ;;
    T)
      export SERVICE_TOKEN=$OPTARG
      ;;
    v)
      set -x
      ;;
    h)
      cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
[-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ]
[ -T keystone_token ]
Add -v for verbose mode, -h to display this message.
EOF
      exit 0
      ;;
    \?)
      echo "Unknown option -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      exit 1
      ;;
  esac
done
if [ -z "$KEYSTONE_REGION" ]; then
  echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
  missing_args="true"
fi
if [ -z "$SERVICE_TOKEN" ]; then
  echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
  missing_args="true"
fi
if [ -z "$SERVICE_ENDPOINT" ]; then
  echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
  missing_args="true"
fi
if [ -z "$MYSQL_PASSWORD" ]; then
  echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
  missing_args="true"
fi
if [ -n "$missing_args" ]; then
  exit 1
fi
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name cinder --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'
# Create the endpoint for service type $1 with service id $2
create_endpoint () {
  case $1 in
    compute)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8774/v2/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8774/v2/$(tenant_id)s'
    ;;
    volume)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8776/v1/$(tenant_id)s' --adminurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s' --internalurl 'http://'"$HOST_IP"':8776/v1/$(tenant_id)s'
    ;;
    image)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':9292/v2' --adminurl 'http://'"$HOST_IP"':9292/v2' --internalurl 'http://'"$HOST_IP"':9292/v2'
    ;;
    identity)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':5000/v2.0' --adminurl 'http://'"$HOST_IP"':35357/v2.0' --internalurl 'http://'"$HOST_IP"':5000/v2.0'
    ;;
    ec2)
    keystone endpoint-create --region $KEYSTONE_REGION --service-id $2 --publicurl 'http://'"$EXT_HOST_IP"':8773/services/Cloud' --adminurl 'http://'"$HOST_IP"':8773/services/Admin' --internalurl 'http://'"$HOST_IP"':8773/services/Cloud'
    ;;
  esac
}
# Look up each service id in the keystone database and create its endpoint
for i in compute volume image object-store identity ec2; do
  id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1
  create_endpoint $i $id
done

Fill in the openrc file:

# cat openrc
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://192.168.56.101:5000/v2.0/"

Load the environment variables:

#source openrc

Test keystone:

# keystone user-list
+----------------------------------+--------+---------+-------------------+
|                id                |  name  | enabled |       email       |
+----------------------------------+--------+---------+-------------------+
| 4fa0ecb0979c46928d0d9e6a11965ca5 | glance |   True  | glance@domain.com |
| 7e10d7dfe68c437abda3a29da9550415 |  nova  |   True  |  nova@domain.com  |
| abeb9e73069640debd8d4e2de4fee2cb | admin  |   True  |  admin@domain.com |
| d5146f2348f14406a84984e353e8ff7a | cinder |   True  | cinder@domain.com |
+----------------------------------+--------+---------+-------------------+

glance

Update the glance configuration file /etc/glance/glance-api-paste.ini:

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.168.56.101
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass

Update the glance configuration file /etc/glance/glance-registry-paste.ini:

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.168.56.101
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass

Update /etc/glance/glance-api.conf:

sql_connection = mysql://openstack:openstack@192.168.56.101/glance
[paste_deploy]
flavor = keystone

Update /etc/glance/glance-registry.conf:

sql_connection = mysql://openstack:openstack@192.168.56.101/glance
[paste_deploy]
flavor = keystone

Restart the services:

#service glance-api restart; service glance-registry restart

Sync the database:

#glance-manage db_sync

Restart the services:

#service glance-api restart; service glance-registry restart

Upload an image:

#wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
#source openrc
#glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 < cirros-0.3.0-x86_64-disk.img

Test glance:

#glance image-list

cinder

Configure iscsitarget:

#sed -i 's/false/true/g' /etc/default/iscsitarget

Restart the iscsitarget service:

#service iscsitarget start
#service open-iscsi start

Update the configuration in /etc/cinder/api-paste.ini:

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 192.168.56.101
service_port = 5000
auth_host = 192.168.56.101
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = service_pass

Update the configuration in /etc/cinder/cinder.conf:

[DEFAULT]
rootwrap_config=/etc/cinder/rootwrap.conf
sql_connection = mysql://openstack:openstack@192.168.56.101/cinder
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=ietadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
#osapi_volume_listen_port=5900

Sync the database:

#cinder-manage db sync

Create a volume group for testing:

# mkdir -p /opt/data/cinder
# cd /opt/data/cinder/
# truncate -s 2G vgfile
# losetup -f --show vgfile
/dev/loop0
# vgcreate cinder-volumes /dev/loop0
No physical volume label read from /dev/loop0
Writing physical volume data to disk "/dev/loop0"
Physical volume "/dev/loop0" successfully created
Volume group "cinder-volumes" successfully created

Restart the services:

#cd /etc/init.d/; for i in $( ls cinder-* ); do service $i restart; done 

nova

Edit /etc/nova/api-paste.ini:

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 192.168.56.101
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dirname = /tmp/keystone-signing-nova

Edit /etc/nova/nova.conf:

[DEFAULT]
# LOGS/STATE
verbose=True
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
# AUTHENTICATION
auth_strategy=keystone
# SCHEDULER
scheduler_driver=nova.scheduler.multi.MultiScheduler
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
# CINDER
volume_api_class=nova.volume.cinder.API
# DATABASE
sql_connection=mysql://openstack:openstack@192.168.56.101/nova
# COMPUTE
# If the node does not support kvm, use qemu (usually the case when OpenStack is installed inside virtual machines)
libvirt_type=kvm
libvirt_use_virtio_for_bridges=True
start_guests_on_host_boot=True
resume_guests_state_on_host_boot=True
api_paste_config=/etc/nova/api-paste.ini
allow_admin_api=True
use_deprecated_auth=False
nova_url=http://192.168.56.101:8774/v1.1/
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# APIS
ec2_host=192.168.56.101
ec2_url=http://192.168.56.101:8773/services/Cloud
keystone_ec2_url=http://192.168.56.101:5000/v2.0/ec2tokens
s3_host=192.168.56.101
cc_host=192.168.56.101
metadata_host=192.168.56.101
enabled_apis=ec2,osapi_compute,metadata
# RABBITMQ
rabbit_host=192.168.56.101
# GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=192.168.56.101:9292
# NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=eth0
flat_interface=eth1
flat_network_bridge=br100
fixed_range=10.0.0.0/24
network_size=256
flat_injected=False
connection_type=libvirt
multi_host=True
# NOVNC CONSOLE
novnc_enabled=True
novncproxy_base_url=http://192.168.56.101:6080/vnc_auto.html
vncserver_proxyclient_address=192.168.56.101
vncserver_listen=192.168.56.101

Edit the sudoers file and add the following to /etc/sudoers:

#Paste this line anywhere you like:
nova ALL=(ALL) NOPASSWD:ALL
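
The nova.conf above sets root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf, so that is the only command nova runs through sudo, while the rule above allows every command. The check below is an added example, not part of the original guide: it classifies the sudoers rules of a service account as blanket or command-scoped. The function names and the scoped sample rule (including its /usr/bin path) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify sudoers rules for a service account.
# classify_sudo_rule RULE prints:
#   blanket - NOPASSWD rule whose command list contains ALL
#   scoped  - NOPASSWD rule limited to named commands
#   other   - comment, blank line, or rule without NOPASSWD
# The body runs in a subshell so the IFS and globbing changes stay local.
classify_sudo_rule() (
    set -f                                  # a rule may contain "*"
    rule=$(printf '%s\n' "$1" | sed -e 's/#.*$//')
    verdict=other
    case "$rule" in
        *NOPASSWD:*)
            verdict=scoped
            IFS=,                           # commands are comma-separated
            for cmd in ${rule##*NOPASSWD:}; do
                cmd=$(printf '%s\n' "$cmd" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
                if [ "$cmd" = "ALL" ]; then verdict=blanket; fi
            done ;;
    esac
    echo "$verdict"
)

# audit_sudoers USER: reads sudoers text on stdin, labels each rule for USER.
audit_sudoers() {
    while IFS= read -r line; do
        case "$line" in
            "$1 "*) echo "$(classify_sudo_rule "$line"): $line" ;;
        esac
    done
}

# Constructed sample: the rule from this guide, then a rule limited to the
# root_helper command from nova.conf (hypothetical; the /usr/bin path is assumed).
sample_sudoers() {
    cat <<'EOF'
#Paste this line anywhere you like:
nova ALL=(ALL) NOPASSWD:ALL
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
EOF
}

sample_sudoers | audit_sudoers nova
```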

Sync the database:

#nova-manage db sync

Restart the nova services:

#for i in nova-api nova-cert nova-consoleauth nova-novncproxy nova-scheduler; do service $i restart; done

Check the service status:

#nova-manage service list

Create the fixed IPs:

#nova-manage network create private --fixed_range_v4=10.0.0.0/24 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=256 --multi_host=T

Create the floating IPs:

#nova-manage floating create 192.168.56.128/25

Compute nodes

Install the OpenStack components

#os_nova="nova-common python-nova python-novaclient nova-compute nova-network nova-api-metadata"
#os_other="kvm libvirt-bin pm-utils bridge-utils"
#apt-get install $os_nova $os_other

nova

Edit /etc/nova/nova.conf (this assumes node compute-01, whose IP address is 192.168.56.111):

[DEFAULT]
# LOGS/STATE
verbose=True
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
# AUTHENTICATION
auth_strategy=keystone
# SCHEDULER
scheduler_driver=nova.scheduler.multi.MultiScheduler
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
# CINDER
volume_api_class=nova.volume.cinder.API
# DATABASE
sql_connection=mysql://openstack:openstack@192.168.56.101/nova
# COMPUTE
libvirt_type=qemu
libvirt_use_virtio_for_bridges=True
start_guests_on_host_boot=True
resume_guests_state_on_host_boot=True
api_paste_config=/etc/nova/api-paste.ini
allow_admin_api=True
use_deprecated_auth=False
nova_url=http://192.168.56.101:8774/v1.1/
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# APIS
ec2_host=192.168.56.101
ec2_url=http://192.168.56.101:8773/services/Cloud
keystone_ec2_url=http://192.168.56.101:5000/v2.0/ec2tokens
s3_host=192.168.56.101
cc_host=192.168.56.101
# On every node, metadata_host must be the node's own IP
metadata_host=192.168.56.111
metadata_listen=0.0.0.0
enabled_apis=metadata
# RABBITMQ
rabbit_host=192.168.56.101
# GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=192.168.56.101:9292
# NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=eth0
flat_interface=eth1
flat_network_bridge=br100
fixed_range=10.0.0.0/24
network_size=256
flat_injected=False
connection_type=libvirt
multi_host=True
# NOVNC CONSOLE
novnc_enabled=True
novncproxy_base_url=http://192.168.56.101:6080/vnc_auto.html
# vncserver_proxyclient_address and vncserver_listen must be the node's own IP
vncserver_proxyclient_address=192.168.56.111
vncserver_listen=192.168.56.111

Edit /etc/nova/nova-compute.conf:

[DEFAULT]
# If the node does not support kvm, use qemu (usually the case when OpenStack is installed inside virtual machines)
libvirt_type=kvm

Start the services:

#for i in nova-api-metadata nova-compute nova-network; do service $i restart; done

Other compute nodes

Deploy the other compute nodes in the same way.

Accessing the OpenStack Dashboard

Restart apache and memcached on the control node:

#service apache2 restart; service memcached restart

Open http://192.168.56.101/horizon ; the user name and password are admin and admin_pass.
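
The same few literal values (root, openstack, ADMIN, admin_pass, service_pass) and auth_protocol = http recur in the configuration files and scripts throughout this guide. The scan below is an added example, not part of the original guide: it flags those values in key=value text so they can be found and replaced on any host built from these steps. The function names are hypothetical and the sample text is constructed from the guide's own snippets.

```shell
#!/bin/sh
# Added example: flag this guide's literal secrets and cleartext auth setting.
# scan_defaults reads key=value text (ini or "export VAR=...") on stdin and
# prints "LINE FINDING key" for every hit.
scan_defaults() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[/    { next }                  # [section] headers
    {
        line = $0
        sub(/^[ \t]*(export[ \t]+)?/, "", line)
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        gsub(/[ \t"]/, "", key)
        gsub(/^[ \t"]+|[ \t"]+$/, "", val)
        lkey = tolower(key)
        if (lkey ~ /(password|token)$/ && val ~ /^(root|openstack|ADMIN|admin_pass|service_pass)$/)
            print NR, "DEFAULT_SECRET", key
        else if (lkey ~ /connection$/ && val ~ "://[^:@]+:(root|openstack)@")
            print NR, "DEFAULT_DB_PASSWORD", key
        else if (lkey == "auth_protocol" && val == "http")
            print NR, "CLEARTEXT_AUTH", key
    }'
}

# Constructed sample assembled from api-paste.ini, nova.conf, openrc and
# keystone_basic.sh as shown in this guide.
sample_config() {
    cat <<'EOF'
[filter:authtoken]
auth_protocol = http
admin_user = nova
admin_password = service_pass
[DEFAULT]
# DATABASE
sql_connection=mysql://openstack:openstack@192.168.56.101/nova
rabbit_host=192.168.56.101
export OS_PASSWORD=admin_pass
export SERVICE_TOKEN="ADMIN"
EOF
}

sample_config | scan_defaults
```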
