OpenStack 手动安装手册(Icehouse).docx

部署架构为了更好的展现OpenStack各组件分布式部署的特点，以及逻辑网络配置的区别，本实验不采用All in One 的部署模式，而是采用多节点分开部署的方式，方便后续学习研究。网络拓扑环境准备本实验采用Virtualbox Windows 版作为虚拟化平台，模拟相应的物理网络和物理服务器，如果需要部署到真实的物理环境，此步骤可以直接替换为在物理机上相应的配置，其原理相同。Virtualbox 下载地址：/wiki/Downloads虚拟网络需要新建3个虚拟网络Net0、Net1和Net2，其在virtual box 中对应配置如下。Net0: Network name: VirtualBox host-only Ethernet Adapter#2 Purpose: administrator / management network IP block: /24 DHCP: disable Linux device: eth0Net1: Network name: VirtualBox host-only Ethernet Adapter#3 Purpose: public network DHCP: disable IP block: /24 Linux device: eth1Net2： Network name: VirtualBox host-only Ethernet Adapter#4 Purpose: Storage/private network DHCP: disable IP block: /24 Linux device: eth2虚拟机需要新建3个虚拟机VM0、VM1和VM2，其对应配置如下。VM0： Name: controller0 vCPU:1 Memory :1G Disk:30G Networks: net1VM1： Name : network0 vCPU:1 Memory :1G Disk:30G Network:net1,net2,net3VM2： Name: compute0 vCPU:2 Memory :2G Disk:30G Networks:net1,net3网络设置controller0 eth0:0 (management network) eht1:(disabled) eht2:(disabled)network0 eth0:0 (management network) eht1:0 (public/external network) eht2:0 (private network)compute0 eth0:0 (management network) eht1:(disabled) eht2:0 (private network)compute1 (optional) eth0:1 (management network) eht1:(disabled) eht2:1 (private network)操作系统准备本实验使用Linux 发行版 CentOS 6.5 x86_64，在安装操作系统过程中，选择的初始安装包为“基本”安装包，安装完成系统以后还需要额外配置如下YUM 仓库。ISO文件下载：/centos/6.5/isos/x86_64/CentOS-6.5-x86_64-bin-DVD1.isoEPEL源:/pub/epel/6/x86_64/RDO源:/repos/openstack/openstack-icehouse/自动配置执行如此命令即可，源安装完成后更新所有RPM包，由于升级了kernel 需要重新启动操作系统。yum install -y /repos/openstack/openstack-icehouse/rdo-release-icehouse-4.noarch.rpmyum install -y /pub/epel/6/x86_64/epel-release-6-8.noarch.rpmyum update -yreboot -h 0接下来可以开始安装配置啦！公共配置（all nodes）以下命令需要在每一个节点都执行。修改hosts 文件vi /etc/hosts localhost:1 localhost 0 controller0 0 network00 compute0禁用 selinuxvi /etc/selinux/configSELINUX=disabled安装NTP 服务yum install ntp -yservice ntpd startchkconfig ntpd on修改NTP配置文件，配置从controller0时间同步。(除了controller0以外)vi /etc/ntp.confserver 0fudge 0 stratum 10 # LCL is unsynchronized立即同步并检查时间同步配置是否正确。(除了controller0以外)ntpdate -u 0service ntpd restartntpq -p清空防火墙规则vi /etc/sysconfig/iptables*filter:INPUT ACCEPT 0:0:FORWARD ACCEPT 0:0:OUTPUT ACCEPT 0:0COMMIT重启防火墙，查看是否生效service iptables restartiptables -L安装openstack-utils,方便后续直接可以通过命令行方式修改配置文件yum install -y openstack-utils基本服务安装与配置（controller0 node）基本服务包括NTP 服务、MySQL数据库服务和AMQP服务，本实例采用MySQL 和Qpid 作为这两个服务的实现。修改NTP配置文件，配置从 时间同步。vi /etc/ntp.confserver 重启ntp serviceservice ntpd restartMySQL 服务安装yum install -y mysql mysql-server MySQL-python修改MySQL配置vi /etc/fmysqldbind-address = default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_ciinit-connect = SET NAMES utf8character-set-server = utf8启动MySQL服务service mysqld startchkconfig mysqld on交互式配置MySQL root 密码，设置密码为“openstack”mysql_secure_installationQpid 安装消息服务，设置客户端不需要验证使用服务yum install -y qpid-cpp-servervi /etc/qpidd.confauth=no配置修改后，重启Qpid后台服务service qpidd startchkconfig qpidd on控制节点安装（controller0）主机名设置vi /etc/sysconfig/networkHOSTNAME=controller0网卡配置vi /etc/sysconfig/network-scripts/ifcfg-eth0DEVICE=eth0TYPE=EthernetONBOOT=yesNM_CONTROLLED=yesBOOTPROTO=staticIPADDR=0NETMASK=网络配置文件修改完后重启网络服务serice network restartKeyston 安装与配置(chownkeystone:keystone/var/log/keystone/keystone.log )安装keystone 包yum install openstack-keystone python-keystoneclient -y为keystone 设置admin 账户的 toknADMIN_TOKEN=$(openssl rand -hex 10)echo $ADMIN_TOKENopenstack-config -set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN配置数据连接openstack-config -set /etc/keystone/keystone.conf sql connection mysql:/keystone:openstackcontroller0/keystoneopenstack-config -set /etc/keystone/keystone.conf DEFAULT debug Trueopenstack-config -set /etc/keystone/keystone.conf DEFAULT verbose True设置Keystone 用 PKI tokenskeystone-manage pki_setup -keystone-user keystone -keystone-group keystonechown -R keystone:keystone /etc/keystone/sslchmod -R o-rwx /etc/keystone/ssl为Keystone 建表mysql -uroot -popenstack -e CREATE DATABASE keystone;mysql -uroot -popenstack -e GRANT ALL PRIVILEGES ON keystone.* TO keystonelocalhost IDENTIFIED BY openstack;mysql -uroot -popenstack -e GRANT ALL PRIVILEGES ON keystone.* TO keystonecontroller0 IDENTIFIED BY openstack;mysql -uroot -popenstack -e GRANT ALL PRIVILEGES ON keystone.* TO keystone% IDENTIFIED BY openstack;初始化Keystone数据库su -s /bin/sh -c keystone-manage db_sync 也可以直接用openstack-db 工具初始数据库openstack-db -init -service keystone -password openstack启动keystone 服务service openstack-keystone startchkconfig openstack-keystone on设置认证信息export OS_SERVICE_TOKEN=echo $ADMIN_TOKENexport OS_SERVICE_ENDPOINT=http:/controller0:35357/v2.0创建管理员和系统服务使用的租户keystone tenant-create -name=admin -description=Admin Tenantkeystone tenant-create -name=service -description=Service Tenant创建管理员用户keystone user-create -name=admin -pass=admin -email=创建管理员角色keystone role-create -name=admin为管理员用户分配管理员角色keystone user-role-add -user=admin -tenant=admin -role=admin为keystone 服务建立 endpointskeystone service-create -name=keystone -type=identity -description=Keystone Identity Service为keystone 建立 servie 和 endpoint 关联keystone endpoint-create -service-id=$(keystone service-list | awk / identity / print $2) -publicurl=http:/controller0:5000/v2.0 -internalurl=http:/controller0:5000/v2.0 -adminurl=http:/controller0:35357/v2.0验证keystone 安装的正确性取消先前的Token变量，不然会干扰新建用户的验证。unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT先用命令行方式验证keystone -os-username=admin -os-password=admin -os-auth-url=http:/controller0:35357/v2.0 token-getkeystone -os-username=admin -os-password=admin -os-tenant-name=admin -os-auth-url=http:/controller0:35357/v2.0 token-get让后用设置环境变量认证,保存认证信息vi /keystonercexport OS_USERNAME=adminexport OS_PASSWORD=adminexport OS_TENANT_NAME=adminexport OS_AUTH_URL=http:/controller0:35357/v2.0source 该文件使其生效source keystonerckeystone token-getKeystone 安装结束。Glance 安装与配置安装Glance 的包yum install openstack-glance python-glanceclient -y配置Glance 连接数据库openstack-config -set /etc/glance/glance-api.conf DEFAULT sql_connection mysql:/glance:openstackcontroller0/glanceopenstack-config -set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql:/glance:openstackcontroller0/glance初始化Glance数据库openstack-db -init -service glance -password openstack创建glance 用户keystone user-create -name=glance -pass=glance -email=并分配service角色keystone user-role-add -user=glance -tenant=service -role=admin创建glance 服务keystone service-create -name=glance -type=image -description=Glance Image Service创建keystone 的endpointkeystone endpoint-create -service-id=$(keystone service-list | awk / image / print $2) -publicurl=http:/controller0:9292 -internalurl=http:/controller0:9292 -adminurl=http:/controller0:9292用openstack util 修改glance api 和 register 配置文件openstack-config -set /etc/glance/glance-api.conf DEFAULT debug Trueopenstack-config -set /etc/glance/glance-api.conf DEFAULT verbose Trueopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_uri http:/controller0:5000openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_host controller0openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_user glanceopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_password glanceopenstack-config -set /etc/glance/glance-api.conf paste_deploy flavor keystoneopenstack-config -set /etc/glance/glance-registry.conf DEFAULT debug Trueopenstack-config -set /etc/glance/glance-registry.conf DEFAULT verbose Trueopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http:/controller0:5000openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller0openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_user glanceopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_password glanceopenstack-config -set /etc/glance/glance-registry.conf paste_deploy flavor keystone启动glance 相关的两个服务service openstack-glance-api startservice openstack-glance-registry startchkconfig openstack-glance-api onchkconfig openstack-glance-registry on下载最Cirros镜像验证glance 安装是否成功wget /0.3.1/cirros-0.3.1-x86_64-disk.imgglance image-create -progress -name=CirrOS 0.3.1 -disk-format=qcow2 -container-format=ovf -is-public=true cirros-0.3.1-x86_64-disk.img查看刚刚上传的imageglance image-list如果显示相应的image 信息说明安装成功。Nova 安装与配置yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient在keystone中创建nova相应的用户和服务keystone user-create -name=nova -pass=nova -email=keystone user-role-add -user=nova -tenant=service -role=adminkeystone 注册服务keystone service-create -name=nova -type=compute -description=Nova Compute Servicekeystone 注册endpointkeystone endpoint-create -service-id=$(keystone service-list | awk / compute / print $2) -publicurl=http:/controller0:8774/v2/%(tenant_id)s -internalurl=http:/controller0:8774/v2/%(tenant_id)s -adminurl=http:/controller0:8774/v2/%(tenant_id)s配置nova MySQL 连接openstack-config -set /etc/nova/nova.conf database connection mysql:/nova:openstackcontroller0/nova初始化数据库openstack-db -init -service nova -password openstack配置nova.confopenstack-config -set /etc/nova/nova.conf DEFAULT debug Trueopenstack-config -set /etc/nova/nova.conf DEFAULT verbose Trueopenstack-config -set /etc/nova/nova.conf DEFAULT rpc_backend qpid openstack-config -set /etc/nova/nova.conf DEFAULT qpid_hostname controller0openstack-config -set /etc/nova/nova.conf DEFAULT my_ip 0openstack-config -set /etc/nova/nova.conf DEFAULT vncserver_listen 0openstack-config -set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 0openstack-config -set /etc/nova/nova.conf DEFAULT auth_strategy keystoneopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_uri http:/controller0:5000openstack-config -set /etc/nova/nova.conf keystone_authtoken auth_host controller0openstack-config -set /etc/nova/nova.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_port 35357openstack-config -set /etc/nova/nova.conf keystone_authtoken admin_user novaopenstack-config -set /etc/nova/nova.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/nova/nova.conf keystone_authtoken admin_password nova添加api-paste.ini 的 Keystone认证信息openstack-config -set /etc/nova/api-paste.ini filter:authtoken paste.filter_factory keystoneclient.middleware.auth_token:filter_factoryopenstack-config -set /etc/nova/api-paste.ini filter:authtoken auth_host controller0openstack-config -set /etc/nova/api-paste.ini filter:authtoken admin_tenant_name serviceopenstack-config -set /etc/nova/api-paste.ini filter:authtoken admin_user novaopenstack-config -set /etc/nova/api-paste.ini filter:authtoken admin_password nova启动服务service openstack-nova-api startservice openstack-nova-cert startservice openstack-nova-consoleauth startservice openstack-nova-scheduler startservice openstack-nova-conductor startservice openstack-nova-novncproxy start添加到系统服务chkconfig openstack-nova-api onchkconfig openstack-nova-cert onchkconfig openstack-nova-consoleauth onchkconfig openstack-nova-scheduler onchkconfig openstack-nova-conductor onchkconfig openstack-nova-novncproxy on检查服务是否正常nova-manage service listrootcontroller0 # nova-manage service listBinary Host Zone Status State Updated_Atnova-consoleauth controller0 internal enabled :-) 2013-11-12 11:14:56nova-cert controller0 internal enabled :-) 2013-11-12 11:14:56nova-scheduler controller0 internal enabled :-) 2013-11-12 11:14:56nova-conductor controller0 internal enabled :-) 2013-11-12 11:14:56检查进程rootcontroller0 # ps -ef|grep novanova 7240 1 1 23:11 ? 00:00:02 /usr/bin/python /usr/bin/nova-api -logfile /var/log/nova/api.lognova 7252 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-cert -logfile /var/log/nova/cert.lognova 7264 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-consoleauth -logfile /var/log/nova/consoleauth.lognova 7276 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-scheduler -logfile /var/log/nova/scheduler.lognova 7288 1 1 23:11 ? 00:00:01 /usr/bin/python /usr/bin/nova-conductor -logfile /var/log/nova/conductor.lognova 7300 1 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-novncproxy -web /usr/share/novnc/nova 7336 7240 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-api -logfile /var/log/nova/api.lognova 7351 7240 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-api -logfile /var/log/nova/api.lognova 7352 7240 0 23:11 ? 00:00:00 /usr/bin/python /usr/bin/nova-api -logfile /var/log/nova/api.logNeutron server安装与配置安装Neutron server 相关包yum install -y openstack-neutron openstack-neutron-ml2 python-neutronclient在keystone中创建 Neutron 相应的用户和服务keystone user-create -name neutron -pass neutron -email keystone user-role-add -user neutron -tenant service -role adminkeystone service-create -name neutron -type network -description OpenStack Networkingkeystone endpoint-create -service-id $(keystone service-list | awk / network / print $2) -publicurl http:/controller0:9696 -adminurl http:/controller0:9696 -internalurl http:/controller0:9696为Neutron 在MySQL建数据库mysql -uroot -popenstack -e CREATE DATABASE neutron;mysql -uroot -popenstack -e GRANT ALL PRIVILEGES ON neutron.* TO neutronlocalhost IDENTIFIED BY openstack;mysql -uroot -popenstack -e GRANT ALL PRIVILEGES ON neutron.* TO neutron% IDENTIFIED BY openstack;mysql -uroot -popenstack -e GRANT ALL PRIVILEGES ON neutron.* TO neutroncontroller0 IDENTIFIED BY openstack;配置MySQLopenstack-config -set /etc/neutron/neutron.conf database connection mysql:/neutron:openstackcontroller0/neutron配置Neutron Keystone 认证openstack-config -set /etc/neutron/neutron.conf DEFAULT auth_strategy keystoneopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_uri http:/controller0:5000openstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_host controller0openstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357openstack-config -set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken admin_user neutronopenstack-config -set /etc/neutron/neutron.conf keystone_authtoken admin_password neutron配置Neutron qpidopenstack-config -set /etc/neutron/neutron.conf DEFAULT rpc_backend mon.rpc.impl_qpidopenstack-config -set /etc/neutron/neutron.conf DEFAULT qpid_hostname controller0/neutron 到nova的消息提醒/openstack-config -set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes Trueopenstack-config -set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes Trueopenstack-config -set /etc/neutron/neutron.conf DEFAULT nova_url http:/controller0:8774/v2openstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_username novaopenstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk / service / print $2 )openstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_password novaopenstack-config -set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http:/controller0:35357/v2.0配置Neutron ml2 plugin 用openvswitchln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.iniopenstack-config -set /etc/neutron/neutron.conf DEFAULT co