Openstack 环境准备步骤.docx

准备工作环境信息 安装VirtualBox或者Vmare 虚拟机软件 安装好两台Centos-6.5-x86-64的虚拟机主机名IP地址作用描述LEth1:15LEth1:22环境准备操作系统准备 安装操作系统Centos-6.5-x86_64 基本系统: 1VCPU+1024M内存+30G硬盘 网络选择: 使用两个网卡Host-Only 和网络地址转换(NAT). 软件包选择: Basic Server + Development Tools. 关闭iptables和Selinux 设置所有节点的主机名和IP地址，同时使用内部DNS或者/etc/hosts做好主机名解析NTP时间同步 yum install ntp service ntpd start chkconfig ntpd on 内核参数调整 vim /etc/sysctl.conf net.ipv4.ip_forward=1 #修改 net.ipv4.conf.all.rp_filter=0 #增加 net.ipv4.conf.default.rp_filter=0 #修改 sysctl -p修改/etc/hosts0 0 0 关闭iptables和selinux /etc/init.d/iptables stop chkconfig iptables stop vim /etc/sysconfig/selinux SELINUX=disabled reboot基础软件包EPEL仓库 在所有控制节点，存储节点，计算节点上安装EPEL rpm -ivh /fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm基础软件包安装 在所有Openstack节点进行安装 yum -y update yum install -y python-pip gcc gcc-c+ make libtool patch automake python-devel libxslt-devel MySQL-python openssl-devel libudev-devel git wget libvirt-python libvirt qemu-kvm gedit python-numdisplay device-mapper bridge-utils libffi-devel libffi lrzszOpenstack 安装下载软件包(源码方式)wget /187494617/keystone-2014.2.tar.gzwget /187485781/nova-2014.2.tar.gzwget /187494192/glance-2014.2.tar.gzwget /187490944/horizon-2014.2.tar.gzwget /187490642/neutron-2014.2.tar.gzwget /196715848/cinder-2014.2.2.tar.gz 解压源码软件包(源码方式)tar zxf keystone-2014.2.tar.gztar zxf nova-2014.2.tar.gztar zxf glance-2014.2.tar.gztar zxf horizon-2014.2.tar.gztar zxf neutron-2014.2.tar.gztar zxf cinder-2014.2.2.tar.gz 注: 保证6个安装包都解压后再继续安装依赖的Python包(源码方式)cat */requirements.txt | sort -n | uniq openstack.txtpip install -r openstack.txt 注: 如果openstack.txt里面有重复的包名字或者是重复的版本注释掉其中一个 或者出现timeout，在重复执行安装编译文件的工具yum install -y /repos/rdo-release.rpmyum update -yyum install -y openstack-utils备注：以上rdo文件可能是7系类的系统，可以收到修改为6MySQL服务安装 yum install -y mysql mysql-server MySQL-python 修改/etc/fbind-address = 0default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_ciinit-connect = SET NAMES utf8character-set-server = utf8service mysqld startchkconfig mysqld on交互式配置MySQL root密码mysql_secure_installationQpid安装消息服务，设置客户端不需要验证使用服务yum -y install qpid-cpp-servervim /etc/qpidd.confauth=no启动qpid服务service qpidd startchkconfig qpidd on升级python2.7wget /ius-release.rpmrpm -Uvh ius-release*rpmyum -enablerepo=ius-archive install python27Keyston安装与配置安装keyston包yum -y install openstack-keystone python-keystoneclient 为keyston设置admin账户的toknADMIN_TOKEN=$(openssl rand -hex 10)echo $ADMIN_TOKENopenstack-config -set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN配置数据库连接openstack-config -set /etc/keystone/keystone.conf sql connection mysql:/keystone:zhang1230/keystone设置Keystone 用PKI tokenskeystone-manage pki_setup -keystone-user keystone -keystone-group keystonechown -R keystone:keystone /etc/keystone/ssl/ chmod -R o-rwx /etc/keystone/ssl初始化数据库openstack-db -init -service keystone -password zhang123启动keystone服务systemctl enable openstack-keystone.servicesystemctl start openstack-keystone.service设置认证信息export OS_SERVICE_TOKEN=echo $ADMIN_TOKENexport OS_SERVICE_ENDPOINT=0:35357/v2.0 创建admin租户keystone tenant-create -name admin -description Admin Tenant创建admin用户keystone user-create -name admin -pass zhang123 -email 1585422281创建admin角色keystone role-create -name admin将admin 角色赋予给 admin 租户和用户keystone user-role-add -user admin -tenant admin -role admin创建demo租户keystone tenant-create -name demo -description Demo Tenant在demo租户下创建demo用户keystone user-create -name demo -tenant demo -pass zhang123 -email 1585422281创建service租户keystone tenant-create -name service -description Service Tenant创建服务实体和身份认证服务keystone service-create -name keystone -type identity -description OpenStack Identity创建身份认证服务的API端点keystone endpoint-create -service-id $(keystone service-list | awk / identity / print $2) -publicurl 0:5000/v2.0 -internalurl 0:5000/v2.0 -adminurl 0:35357/v2.0 -region regionOne验证操作keystone -os-tenant-name admin -os-username admin -os-password zhang123 -os-auth-url http:/controller:35357/v2.0 token-getkeystone -os-tenant-name admin -os-username admin -os-password zhang123 -os-auth-url http:/controller:35357/v2.0 tenant-listkeystone -os-tenant-name admin -os-username admin -os-password zhang123 -os-auth-url http:/controller:35357/v2.0 user-listkeystone -os-tenant-name admin -os-username admin -os-password zhang123 -os-auth-url http:/controller:35357/v2.0 role-listkeystone -os-tenant-name demo -os-username demo -os-password zhang123 -os-auth-url http:/controller:35357/v2.0 token-getkeystone -os-tenant-name demo -os-username demo -os-password zhang123 -os-auth-url http:/controller:35357/v2.0 user-list (报错403说明正确)Glance安装与配置安装Glance的包yum install openstack-glance python-glanceclient y配置Glance连接数据库openstack-config -set /etc/glance/glance-api.conf DEFAULT sql_connection mysql:/glance:zhang1230/glanceopenstack-config -set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql:/glance:zhang1230/glance初始化Glance数据库openstack-db -init -service glance -password zhang123创建 glance 用户keystone user-create -name glance -pass zhang123添加glance到glance角色keystone user-role-add -user glance -tenant service -role admin创建 glance 服务实体keystone service-create -name glance -type image -description OpenStack Image Service创建镜像服务的 API 端点keystone endpoint-create -service-id $(keystone service-list | awk / image / print $2) -publicurl 0:9292 -internalurl 0:9292 -adminurl 0:9292 -region regionOne修改glance api和register配置文件openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_uri 0:5000/v2.0openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_host 0openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_user glanceopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_password zhang123openstack-config -set /etc/glance/glance-api.conf paste_deploy flavor keystoneopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_uri 0:5000/v2.0openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_host 0openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_user glanceopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_password zhang123openstack-config -set /etc/glance/glance-registry.conf paste_deploy flavor keystone启动glance的相关的两个服务systemctl start openstack-glance-api.servicesystemctl start openstack-glance-registry.servicesystemctl enable openstack-glance-api.servicesystemctl enable openstack-glance-registry.service下载镜像验证wget /0.3.3/cirros-0.3.3-x86_64-disk.imgglance image-create -name cirros-0.3.3-x86_64 -file /root/cirros-0.3.3-x86_64-disk.img -disk-format qcow2 -container-format bare -is-public True progress查看镜像列表glance image-listNova安装与配置controller主机执行安装nova包yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient创建nova用户keystone user-create -name nova -pass zhang123为 nova 用户添加 admin 角色keystone user-role-add -user nova -tenant service -role admin创建 nova 服务实体keystone service-create -name nova -type compute -description OpenStack Compute创建计算服务的 API 入口点keystone endpoint-create -service-id $(keystone service-list | awk / compute / print $2) -publicurl 0:8774/v2/%(tenant_id)s -internalurl 0:8774/v2/%(tenant_id)s -adminurl 0:8774/v2/%(tenant_id)s -region regionOne修改Nova数据库连接openstack-config -set /etc/nova/nova.conf database connection mysql:/nova:zhang1230/nova初始化数据openstack-db -init -service nova -password zhang123修改Nova配置文件openstack-config -set /etc/nova/nova.conf DEFAULT rpc_backend qpidopenstack-config -set /etc/nova/nova.conf DEFAULT qpid_hostname 0openstack-config -set /etc/nova/nova.conf DEFAULT my_ip 0openstack-config -set /etc/nova/nova.conf DEFAULT vncserver_listen 0openstack-config -set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 0openstack-config -set /etc/nova/nova.conf DEFAULT auth_strategy keystoneopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_uri 0:5000openstack-config -set /etc/nova/nova.conf keystone_authtoken auth_host 0openstack-config -set /etc/nova/nova.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_port 35357openstack-config -set /etc/nova/nova.conf keystone_authtoken admin_user novaopenstack-config -set /etc/nova/nova.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/nova/nova.conf keystone_authtoken admin_password zhang123添加api-paste.ini 的keystone认证信息openstack-config -set /etc/nova/api-paste.ini filter:authtoken paste.filter_factory keystoneclient.middleware.auth_token:filter_factoryopenstack-config -set /etc/nova/api-paste.ini filter:authtoken auth_host 0openstack-config -set /etc/nova/api-paste.ini filter:authtoken admin_tenant_name serviceopenstack-config -set /etc/nova/api-paste.ini filter:authtoken admin_user novaopenstack-config -set /etc/nova/api-paste.ini filter:authtoken admin_password zhang123启动并开机启动服务systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.servicesystemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service 查看nova服务验证nova-manage service list ps -ef|grep nova compute1主机执行安装nova相关包yum install -y openstack-nova-compute修改nova配置文件openstack-config -set /etc/nova/nova.conf database connection mysql:/nova:zhang1230/novaopenstack-config -set /etc/nova/nova.conf DEFAULT auth_strategy keystoneopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_uri 0:5000openstack-config -set /etc/nova/nova.conf keystone_authtoken auth_host 0openstack-config -set /etc/nova/nova.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_port 35357openstack-config -set /etc/nova/nova.conf keystone_authtoken admin_user novaopenstack-config -set /etc/nova/nova.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/nova/nova.conf keystone_authtoken admin_password zhang123openstack-config -set /etc/nova/nova.conf DEFAULT my_ip 0openstack-config -set /etc/nova/nova.conf DEFAULT vnc_enabled Trueopenstack-config -set /etc/nova/nova.conf DEFAULT vncserver_listen openstack-config -set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 0openstack-config -set /etc/nova/nova.conf DEFAULT novncproxy_base_url 0:6080/vnc_auto.htmlopenstack-config -set /etc/nova/nova.conf libvirt virt_type qemuopenstack-config -set /etc/nova/nova.conf DEFAULT glance_host 0 配置时间同步修改/etc/ntp.conf 修改server 0重启ntpq : systemctl restart ntpq.service 启动并开机启动systemctl enable libvirtd.service openstack-nova-compute.servicesystemctl start libvirtd.service openstack-nova-compute.service 在控制节点验证计算节点是否加入启动nova-manage service listNeutron安装与配置controller主机执行安装neutron包 yum install openstack-neutron openstack-neutron-ml2 python-neutronclient y创建 neutron 用户keystone user-create -name neutron -pass zhang123为 neutron 用户添加 admin 角色keystone user-role-add -user neutron -tenant service -role admin创建 neutron 服务实体keystone service-create -name neutron -type network -description OpenStack Networking创建网络服务的 API 端点keystone endpoint-create -service-id $(keystone service-list | awk / network / print $2) -publicurl 0:9696 -adminurl 0:9696 -internalurl 0:9696 -region regionOne创建数据库create database neutron;grant all privileges on neutron.* to neutronlocalhost identified by zhang123;grant all privileges on neutron.* to neutron% identified by zhang123;grant all privileges on neutron.* to neutroncontroller identified by zhang123;配置数据库连接openstack-config -set /etc/neutron/neutron.conf database connection mysql:/neutron:zhang1230/neutron配置keystone认证信息openstack-config -set /etc/neutron/neutron.conf DEFAULT auth_strategy keystoneopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_uri 0:5000openstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_host 0openstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357openstack-config -set /etc/neutron/neutron.conf keystone_authtoken admin_user neutronopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken admin_password zhang123配置qpidopenstack-config -set /etc/neutron/neutron.conf DEFAULT rpc_backend qpidopenstack-config -set /etc/neutron/neutron.conf DEFAULT qpid_hostname 0openstack-config -set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes Trueopenstack-config -set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes Trueopenstack-config -set /etc/neutron/neutron.conf DEFAULT nova_url 0:8774/v2openstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url 0:35357/v2.0openstack-config -set /etc/neutron/neutron.conf DEFAULT nova_region_name regionOneopenstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_username novaopenstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id 37e314570e0c4185b3130e010ec42521openstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_password zhang123配置Neutron ml2 plugin 用openvswitchln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.iniopenstack-config -set /etc/neutron/neutron.conf DEFAULT core_plugin ml2openstack-config -set /etc/neutron/neutron.conf DEFAULT service_plugin routeropenstack-config -set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers greopenstack-config -set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types greopenstack-config -set /etc/neutron/plugins/ml2/ml2_conf.ini mechanism_drivers openvswitchopenstack-config -set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000openstack-config -set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriveropenstack-config -set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True配置nova使用Neutron作为network服务openstack-config -set /etc/nova/nova.conf DEFAULT network_api_class work.neutronv2.api.APIope