OpenStack-Icehouse私有云实战部署.docx

OpenStack Icehouse私有云实战部署前言相信你一定对“云主机”一词并不陌生吧，通过在Web页面选择所需主机配置，即可快速定制一台属于自己的虚拟主机，并实现登陆操作，大大节省了物理资源。但这一过程是如何实现的呢?本文带来OpenStack Icehouse私有云实战部署。OpenStack简介OpenStack 是由网络主机服务商Rackspace和美国宇航局联合推出的一个开源项目，OpenStack的目标是为所有类型的云提供一个易于实施，可大规模扩展，且功能丰富的解决方案，任何公司或个人都可以搭建自己的云计算环境(IaaS)，从此打破了Amazon等少数公司的垄断。架构工作流程OpenStack部署实验环境实验拓扑#各节点时间已同步#各节点已禁用NetworkManager服务#各节点已清空防火墙规则，并保存#各节点已基于hosts实现主机名通信rootcontroller#cat/etc/hostslocalhostlocalhost.localdomainlocalhost4localhost4.localdomain4:1block#NetworkNode用于外部网络的接口不能用IP地址，建议使用类似如下配置#INTERFACE_NAME为实际的网络接口名，例如eth1：DEVICE=INTERFACE_NAMETYPE=EthernetONBOOT=yesBOOTPROTO=none路由配置Block Storage Node还同时提供路由功能，首先来配置一下路由rootbolck#vim/etc/sysctl.confnet.ipv4.ip_forward=1rootbolck#sysctl-prootbolck#iptables-tnat-APOSTROUTING-s/24-jSNAT-to-source26rootbolck#serviceiptablessaveiptables:Savingfirewallrulesto/etc/sysconfig/iptables:OK安装配置Keystone安装Keystoneopenstac yum源安装rootcontroller#wget/openstack-icehouse/rdo-release-icehouse.rpmrootcontroller#rpm-ivhrdo-release-icehouse.rpm 安装并初始化MySQL服务器rootcontroller#yuminstallmariadb-galera-server-yrootcontroller#vim/etc/fmysqld.datadir=/mydata/datadefault-storage-engine=innodbinnodb_file_per_table=ONcollation-server=utf8_general_ciinit-connect=SETNAMESutf8character-set-server=utf8skip_name_resolve=ONrootcontroller#mkdir/mydata/data-prootcontroller#chown-Rmysql.mysql/mydata/rootcontroller#mysql_install_db-datadir=/mydata/data/-user=mysqlrootcontroller#servicemysqldstartStartingmysqld:OKrootcontroller#chkconfigmysqldonrootcontroller#mysql_secure_installation 安装配置Identity 服务rootcontroller#yuminstallopenstack-utilsopenstack-keystonepython-keystoneclient-y#创建keystone数据库，其默认会创建一个keystone用户以访问此同名数据库，密码可以使用-pass指定rootcontroller#openstack-db-init-servicekeystone-passkeystonePleaseenterthepasswordfortherootMySQLuser:VerifiedconnectivitytoMySQL.Creatingkeystonedatabase.Initializingthekeystonedatabase,pleasewait.Complete!编辑keystone主配置文件，使得其使用MySQL做为数据存储池rootcontroller#openstack-config-set/etc/keystone/keystone.confdatabaseconnectionmysql:/keystone:keystonecontroller/keystone配置tokenrootcontroller#exportADMIN_TOKEN=$(opensslrand-hex10)rootcontroller#exportOS_SERVICE_TOKEN=$ADMIN_TOKENrootcontroller#exportOS_SERVICE_ENDPOINT=http:/controller:35357/v2.0rootcontroller#echo$ADMIN_TOKEN/openstack_admin_tokenrootcontroller#openstack-config-set/etc/keystone/keystone.confDEFAULTadmin_token$ADMIN_TOKEN 设定openstack用到的证书服务rootcontroller#keystone-managepki_setup-keystone-userkeystone-keystone-groupkeystonerootcontroller#chown-Rkeystone.keystone/etc/keystone/sslrootcontroller#chmod-Ro-rwx/etc/keystone/ssl 启动服务rootcontroller#serviceopenstack-keystonestartStartingkeystone:OKrootcontroller#chkconfigopenstack-keystoneonrootcontroller#ss-tnlp|grepkeystone-allLISTEN0128*:35357*:*users:(keystone-all,7063,4)LISTEN0128*:5000*:*users:(keystone-all,7063,6) 创建tenant、角色和用户#创建admin用户rootcontroller#keystoneuser-create-name=admin-pass=admin-email=+-+-+|Property|Value|+-+-+|email||enabled|True|id|2338be9fb4d54028a9cbcc6cb0ebe160|name|admin|username|admin|+-+-+#创建admin角色rootcontroller#keystonerole-create-name=admin+-+-+|Property|Value|+-+-+|id|1459c49b0d4d4577ac87391408620f33|name|admin|+-+-+#创建admintenantrootcontroller#keystonetenant-create-name=admin-description=AdminTenant+-+-+|Property|Value|+-+-+|description|AdminTenant|enabled|True|id|684ae003069d41d883f9cd0fcb252ae7|name|admin|+-+-+#关联用户、角色及tenantrootcontroller#keystoneuser-role-add-user=admin-tenant=admin-role=adminrootcontroller#keystoneuser-role-add-user=admin-role=_member_-tenant=admin#创建普通用户（非必须）rootcontroller#keystoneuser-create-name=demo-pass=demo-email=rootcontroller#keystonetenant-create-name=demo-description=DemoTenantrootcontroller#keystoneuser-role-add-user=demo-role=_member_-tenant=demo#创建一个服务tenant以备后用rootcontroller#keystonetenant-create-name=service-description=ServiceTenant+-+-+|Property|Value|+-+-+|description|ServiceTenant|enabled|True|id|7157abf7a84a4d74bc686d18de5e78f1|name|service|+-+-+ 设定Keystone为API endpointrootcontroller#keystoneservice-create-name=keystone-type=identity-description=OpenStackIdentity+-+-+|Property|Value|+-+-+|description|OpenStackIdentity|enabled|True|id|41fe62ccdad1485d9671c62f3d0b3727|name|keystone|type|identity|+-+-+#为上面新建的service添加endpointrootcontroller#keystoneendpoint-create-service-id=$(keystoneservice-list|awk/identity/print$2)-publicurl=http:/controller:5000/v2.0-internalurl=http:/controller:5000/v2.0-adminurl=http:/controller:35357/v2.0+-+-+|Property|Value|+-+-+|adminurl|http:/controller:35357/v2.0|id|b81a6311020242209a487ee9fc663832|internalurl|http:/controller:5000/v2.0|publicurl|http:/controller:5000/v2.0|region|regionOne|service_id|41fe62ccdad1485d9671c62f3d0b3727|+-+-+启用基于用户名认证rootcontroller#unsetOS_SERVICE_TOKENOS_SERVICE_ENDPOINTrootcontroller#vim/admin-openrc.shexportOS_USERNAME=adminexportOS_TENANT_NAME=adminexportOS_PASSWORD=adminexportOS_AUTH_URL=http:/controller:35357/v2.0/rootcontroller#.admin-openrc.sh#验正新认证机制是否生效rootcontroller#keystoneuser-list+-+-+-+-+|id|name|enabled|email|+-+-+-+-+|2338be9fb4d54028a9cbcc6cb0ebe160|admin|True||d412986b02c940caa7bee28d91fdd7e5|demo|True||+-+-+-+-+Openstack Image服务安装配置Glance服务安装相关软件包rootcontroller#yuminstallopenstack-glancepython-glanceclient-y初始化glance数据库rootcontroller#openstack-db-init-serviceglance-passwordglancePleaseenterthepasswordfortherootMySQLuser:VerifiedconnectivitytoMySQL.Creatingglancedatabase.Initializingtheglancedatabase,pleasewait.Complete!#若此处报错，可用以下方法解决#yuminstallpython-pippython-develgcc-y#pipinstallpycrypto-on-pypi#再次执行初始化即可配置glance-api和glance-registry接入数据库rootcontroller#openstack-config-set/etc/glance/glance-api.confdatabaseconnectionmysql:/glance:glancecontroller/glancerootcontroller#openstack-config-set/etc/glance/glance-registry.confdatabaseconnectionmysql:/glance:glancecontroller/glance创建glance管理用户rootcontroller#keystoneuser-create-name=glance-pass=glance-email=+-+-+|Property|Value|+-+-+|email||enabled|True|id|1ddd3b0f46c5478fb916c7559c5570d1|name|glance|username|glance|+-+-+rootcontroller#keystoneuser-role-add-user=glance-tenant=service-role=admin配置Glance服务使用Identity服务认证rootcontroller#vim/etc/glance/glance-api.confkeystone_authtokenauth_host=controllerauth_port=35357auth_protocol=httpadmin_tenant_name=serviceadmin_user=glanceadmin_password=glanceauth_uri=http:/controller:5000paste_deployflavor=keystonerootcontroller#vim/etc/glance/glance-registry.confkeystone_authtokenauth_host=controllerauth_port=35357auth_protocol=httpadmin_tenant_name=serviceadmin_user=glanceadmin_password=glanceauth_uri=http:/controller:5000paste_deployflavor=keystone 启动服务rootcontroller#serviceopenstack-glance-apistartStartingopenstack-glance-api:OKrootcontroller#chkconfigopenstack-glance-apionrootcontroller#serviceopenstack-glance-registrystartStartingopenstack-glance-registry:OKrootcontroller#chkconfigopenstack-glance-registryon创建映像文件为了使用方便，这里采用CirrOS项目制作的映像文件，其也经常被拿来测试Openstack部署rootcontroller#mkdir/imagesrootcontroller#cd/images/rootcontrollerimages#wget/0.3.4/cirros-0.3.4-x86_64-disk.img#查看映像文件格式信息rootcontrollerimages#qemu-imginfocirros-0.3.4-x86_64-disk.imgimage:cirros-0.3.4-x86_64-disk.imgfileformat:qcow2virtualsize:39M(41126400bytes)disksize:13Mcluster_size:65536#上传映像文件rootcontrollerimages#glanceimage-create-name=cirros-0.3.4-x86_64-disk-format=qcow2-container-format=bare-is-public=trueopenstack-nova-consoleopenstack-nova-novncproxyopenstack-nova-schedulerpython-novaclient 配置nova服务初始化nova数据库rootcontroller#openstack-db-init-servicenova-passwordnovaPleaseenterthepasswordfortherootMySQLuser:VerifiedconnectivitytoMySQL.Creatingnovadatabase.Initializingthenovadatabase,pleasewait.Complete!配置nova连入数据库相关信息rootcontroller#openstack-config-set/etc/nova/nova.confdatabaseconnectionmysql:/nova:novacontroller/nova 为nova指定连接队列服务qpid的相关信息rootcontroller#openstack-config-set/etc/nova/nova.confDEFAULTrpc_backendqpidrootcontroller#openstack-config-set/etc/nova/nova.confDEFAULTqpid_hostnamecontroller接着将 my_ip、vncserver_listen 和vncserver_proxyclient_address参数的值设定为所属“管理网络”接口地址rootcontroller#openstack-config-set/etc/nova/nova.confDEFAULTmy_ip23rootcontroller#openstack-config-set/etc/nova/nova.confDEFAULTvncserver_listen23rootcontroller#openstack-config-set/etc/nova/nova.confDEFAULTvncserver_proxyclient_address23创建nova用户账号rootcontroller#keystoneuser-create-name=nova-pass=nova-email=+-+-+|Property|Value|+-+-+|email||enabled|True|id|3ea005cb6b20419ea6e81455a18d04e6|name|nova|username|nova|+-+-+rootcontroller#keystoneuser-role-add-user=nova-tenant=service-role=admin设定nova调用keystone API的相关配置rootcontroller#openstack-config-set/etc/nova/nova.confDEFAULTauth_strategykeystonerootcontroller#openstack-config-set/etc/nova/nova.confkeystone_authtokenauth_urihttp:/controller:5000rootcontroller#openstack-config-set/etc/nova/nova.confkeystone_authtokenauth_hostcontrollerrootcontroller#openstack-config-set/etc/nova/nova.confkeystone_authtokenauth_protocolhttprootcontroller#openstack-config-set/etc/nova/nova.confkeystone_authtokenauth_port35357rootcontroller#openstack-config-set/etc/nova/nova.confkeystone_authtokenadmin_usernovarootcontroller#openstack-config-set/etc/nova/nova.confkeystone_authtokenadmin_tenant_nameservicerootcontroller#openstack-config-set/etc/nova/nova.confkeystone_authtokenadmin_passwordnova在KeyStone中注册Nova compute APIrootcontroller#keystoneservice-create-name=nova-type=compute-description=OpenStackCompute+-+-+|Property|Value|+-+-+|description|OpenStackCompute|enabled|True|id|c488ce0439264ce6a204dbab59faea6a|name|nova|type|compute|+-+-+rootcontroller#keystoneendpoint-create-service-id=$(keystoneservice-list|awk/compute/print$2)-publicurl=http:/controller:8774/v2/%(tenant_id)s-internalurl=http:/controller:8774/v2/%(tenant_id)s-adminurl=http:/controller:8774/v2/%(tenant_id)s+-+-+|Property|Value|+-+-+|adminurl|http:/controller:8774/v2/%(tenant_id)s|id|94c105f958624b9ab7301ec876663c48|internalurl|http:/controller:8774/v2/%(tenant_id)s|publicurl|http:/controller:8774/v2/%(tenant_id)s|region|regionOne|service_id|c488ce0439264ce6a204dbab59