先电云计算基础架构服务平台用户手册-XianDian-iaas-v2.1.doc

南京第五十五所技术开发有限公司云计算基础架构服务平台用户手册 版本：先电 iaas V2.1 发布日期：2017年04月20日南京第五十五所技术开发有限公司版本修订说明修订版本修订时间修订说明Xiandian-iaas-v2.02016年10月28日云计算基础架构服务平台用户手册2.0Xiandian-iaas-v2.12017年04月20日修改上个版本已知错误，部分配置文件进行修改优化，修改数据库连接，添加Trove组件，添加系统卸载脚本目 录1 基本环境配置91.1安装CentOS7说明101.2配置网络、主机名101.3配置yum源121.4编辑环境变量141.5通过脚本安装服务151.6安装Openstack包161.7配置域名解析161.8配置防火墙和Selinux161.9安装ntp服务171.10通过脚本安装服务171.11安装Mysql数据库服务171.12安装Mongo数据库服务181.13安装RabbitMQ服务191.14安装memcahce192 安装Keystone认证服务192.1 通过脚本安装keystone服务192.2安装keystone服务软件包192.3创建Keystone数据库202.4配置数据库连接202.5为keystone服务创建数据库表202.6创建令牌202.7创建签名密钥和证书202.8定义用户、租户和角色222.9创建admin-openrc.sh233 安装Glance镜像服务233.1 通过脚本安装glance服务233.2 安装Glance镜像服务软件包243.3创建Glance数据库243.4配置文件创建数据库连接243.5为镜像服务创建数据库表243.6创建用户243.7配置镜像服务253.8创建Endpoint和API端点263.9启动服务273.10上传镜像274 安装Nova计算服务274.1通过脚本安装nova服务274.2安装Nova 计算服务软件包284.3创建Nova数据库284.4创建计算服务表284.5创建用户294.6配置计算服务294.7创建Endpoint和API端点304.8启动服务314.9验证Nova314.10安装Nova计算服务软件包314.11配置Nova服务314.12检查系统处理器是否支持虚拟机的硬件加速334.13启动334.14 清除防火墙335 安装Neutron网络服务345.1通过脚本安装neutron服务345.2通过脚本创建neutron网络345.3创建Neutron数据库355.4创建用户355.5创建Endpoint和API端点355.6安装neutron网络服务软件包365.7配置Neutron服务365.8 编辑内核405.9 创建数据库415.10 启动服务和创建网桥415.11 安装软件包415.12 配置Neutron服务415.13 编辑内核445.14 启动服务进而创建网桥455.15 选择Neutron网络模式455.15.1 Flat455.15.2 Gre475.15.3 Vlan496 安装Dashboard服务516.1通过脚本安装dashboard服务516.2安装Dashboard服务软件包516.3配置516.4启动服务546.5访问546.6创建云主机（gre/vlan）557 安装Cinder块存储服务557.1 通过脚本安装Cinder服务557.2 安装Cinder块存储服务软件包557.3 创建数据库567.4 创建用户567.5 创建Endpoint和API端点567.6 配置Cinder服务577.7 创建数据库587.8 启动服务587.9 安装块存储软件587.10 创建LVM物理和逻辑卷597.11 修改Cinder配置文件597.12 重启服务607.13 验证608 安装Swift对象存储服务618.1通过脚本安装Swift服务618.2创建用户618.3创建Endpoint和API端点618.4 编辑/etc/swift/proxy-server.conf628.5 创建账号、容器、对象648.6 编辑/etc/swift/swift.conf文件658.7 启动服务和赋予权限658.8 安装软件包668.9 配置rsync668.10 配置账号、容器和对象688.11 修改Swift配置文件708.12 重启服务和赋予权限709 安装Trove服务719.1 执行脚本进行安装719.2 安装Trove数据库服务的软件包729.3 创建数据库729.4 创建用户729.5 创建Endpoint和API端点729.6 配置trove.conf文件739.7 配置trove-taskmanager.conf749.8 配置trove-conductor.conf文件769.9 配置trove-guestagent.conf文件779.10 同步数据库789.11 启动服务789.12 上传镜像799.13 创建数据库存储799.14 使用上传的镜像更新数据库7910 安装Heat编配服务8010.1通过脚本安装heat服务8010.2安装heat编配服务软件包8010.3创建数据库8010.4创建用户8010.5创建Endpoint和API端点8110.6配置Heat服务8110.7创建数据库8310.8启动服务8311 安装Ceilometer监控服务8411.1通过脚本安装Ceilometer服务8411.2 安装Ceilometer监控服务软件包8411.3 创建数据库8411.4 创建用户8411.5 创建Endpoint和API端点8511.6 配置Ceilometer8511.7 启动服务8711.8 监控组件8711.9 安装软件包8911.10 配置Ceilometer8912 安装Alarm监控服务9112.1通过脚本安装alarm服务9112.2 创建数据库9112.3 创建keystone用户9112.4 创建Endpoint和API9112.5 安装软件包9212.6 配置aodh9212.7 同步数据库9412.8 启动服务9413.添加控制节点资源到云平台9413.1 修改openrc.sh9413.2 运行iaas-install-nova-compute.sh9414 系统卸载9415 Xindian-IaaS-2.0版本升级说明：951 基本环境配置云计算平台的拓扑图如图1所示，IP地址规划如图1所示。云计算IaaS控制节点Interneteth0核心交换机中心防火墙Rabbit消息服务Neutron Server网络服务Dashboard管理界面Mysql数据库eth0Nova计算控制服务Glance镜像服务Keystone安全认证服务41/240/24eth1eth1Cinder存储控制服务0/24Swift 代理服务Heat编配服务Ceilometer 监控服务54/24云计算IaaS计算节点 /24Nova Compute计算服务42/24Neutron节点网络服务Cinder Volume存储服务Swift 存储服务Ceilometer监控代理图1云计算平台拓扑图本次搭建采用双节点安装，即controller node控制节点和compute node计算节点。enp8s0为外部网络，enp9s0为内部管理网络。存储节点安装操作系统时划分两个空白分区以sda，sdb为例。作为cinder和swift存储磁盘，搭建 ftp服务器作为搭建云平台的yum源。配置文件中密码需要根据实际环境进行配置。1.1安装CentOS7说明 【空白分区划分】CentOS7的安装与CentOS6.5的安装有明显的区别。在CentOS7安装过程中，设置分区都需要一个挂载点，这样一来就无法创建两个空白的磁盘分区作为cinder服务和swift服务的存储磁盘了。 所以我们应该在系统安装过程中留下足够的磁盘大小，系统安装完成后，使用命令parted划分新分区，然后使用mkfs.xfs进行文件系统格式化，完成空白分区的划分。具体命令如下：rootcompute # parted /dev/md126 (parted) mkpart swift 702G 803G /创建swift分区，从702G到803G rootcompute # mkfs.xfs /dev/md126p51.2配置网络、主机名修改和添加/etc/sysconfig/network-scripts/ifcfg-enp*（具体的网口）文件。（1）controller节点配置网络：enp8s0: 0DEVICE=enp8s0TYPE=EthernetONBOOT=yesNM_CONTROLLED=noBOOTPROTO=staticIPADDR=0PREFIX=24GATEWAY=enp9s0: 0DEVICE=enp9s0TYPE=EthernetONBOOT=yesNM_CONTROLLED=noBOOTPROTO=staticIPADDR=0PREFIX=24配置主机名：重启网卡命令 service network restart# hostnamectl set-hostname controller按ctrl+d 退出 重新登陆（2）compute 节点配置网络：enp8s0: 0DEVICE=enp8s0TYPE=EthernetONBOOT=yesNM_CONTROLLED=noBOOTPROTO=staticIPADDR=0PREFIX=24GATEWAY=enp9s0: 0DEVICE=enp9s0TYPE=EthernetONBOOT=yesNM_CONTROLLED=noBOOTPROTO=staticIPADDR=0PREFIX=24配置主机名：# hostnamectl set-hostname compute按ctrl+d 退出 重新登陆1.3配置yum源#Controller和compute节点（1）yum源备份#mv /etc/yum.repos.d/* /opt/（2）创建repo文件【controller】在/etc/yum.repos.d创建centos.repo源文件centosname=centosbaseurl=file:/opt/centosgpgcheck=0enabled=1iaasname=iaasbaseurl=file:/opt/iaas-repogpgcheck=0enabled=1【compute】在/etc/yum.repos.d创建centos.repo源文件centosname=centosbaseurl=0/centosgpgcheck=0enabled=1iaasname=iaasbaseurl=0/iaas-repogpgcheck=0enabled=1（3）挂载iso文件【挂载CentOS-7-x86_64-DVD-1511.iso】rootcontroller # mount -o loop CentOS-7-x86_64-DVD-1511.iso /mnt/rootcontroller # mkdir /opt/centosrootcontroller # cp -rvf /mnt/* /opt/centos/rootcontroller # umount /mnt/【挂载XianDian-IaaS-v2.0-1228.iso】rootcontroller # mount -o loop XianDian-IaaS-v2.0-1228.iso /mnt/rootcontroller # cp -rvf /mnt/* /opt/rootcontroller # umount /mnt/（4）搭建ftp服务器，开启并设置自启rootcontroller # yum install vsftpd yrootcontroller # vi /etc/vsftpd/vsftpd.conf添加anon_root=/opt/保存退出rootcontroller # systemctl start vsftpdrootcontroller # systemctl enable vsftpd（5）关闭防火墙并设置开机不自启【controller/compute】systemctl stop firewalldsystemctl disable firewalld（6）清除缓存，验证yum源【controller/compute】# yum clean all# yum list1.4编辑环境变量# controller和compute节点# yum install iaas-xiandian -y编辑文件/etc/xiandian/openrc.sh,此文件是安装过程中的各项参数，根据每项参数上一行的说明及服务器实际情况进行配置。HOST_IP=0HOST_NAME=controllerHOST_IP_NODE=0HOST_NAME_NODE=computeRABBIT_USER=openstackRABBIT_PASS=000000DB_PASS=000000DOMAIN_NAME=demo（自定义）ADMIN_PASS=000000DEMO_PASS=000000KEYSTONE_DBPASS=000000GLANCE_DBPASS=000000GLANCE_PASS=000000NOVA_DBPASS=000000NOVA_PASS=000000NEUTRON_DBPASS=000000NEUTRON_PASS=000000METADATA_SECRET=000000INTERFACE_NAME=enp9s0（外网网卡名）CINDER_DBPASS=000000CINDER_PASS=000000TROVE_DBPASS=000000TROVE_PASS=000000BLOCK_DISK=md126p4（空白分区名）SWIFT_PASS=000000OBJECT_DISK=md126p5（空白分区名）STORAGE_LOCAL_NET_IP=0HEAT_DBPASS=000000HEAT_PASS=000000CEILOMETER_DBPASS=000000CEILOMETER_PASS=000000AODH_DBPASS=000000AODH_PASS=0000001.5通过脚本安装服务1.6-1.9的基础配置操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：# Controller节点和Compute节点执行脚本iaas-pre-host.sh进行安装# 安装完成后同时重启rootcontroller # reboot1.6安装Openstack包# controller和compute节点# yum -y install openstack-utils openstack-selinux python-openstackclient# yum upgrade1.7配置域名解析修改/etc/hosts添加一下内容（1）controller 节点0 controller0 compute（2） compute 节点0 controller0 compute1.8配置防火墙和Selinux编辑selinux文件# vi /etc/selinux/configSELINUX=permissive关闭防火墙并设置开机不自启# systemctl stop firewalld.service# systemctl disable firewalld.service# yum remove -y NetworkManager firewalld# yum -y install iptables-services# systemctl enable iptables# systemctl restart iptables# iptables -F# iptables -X# iptables -X# service iptables save1.9安装ntp服务（1）controller和compute节点# yum -y install ntp（2）配置controller节点编辑/etc/ntp.conf文件添加以下内容（删除默认sever规则）server fudge stratum 10启动ntp服务器# service ntpd start # chkconfig ntpd on（3）配置compute节点# ntpdate controller# chkconfig ntpdate on1.10通过脚本安装服务1.11-1.14基础服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：# Controller节点执行脚本iaas-install-mysql.sh进行安装1.11安装Mysql数据库服务# yum install mysql mysql-server MySQL-python修改 /etc/f文件mysqld中添加max_connections=10000default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_ciinit-connect = SET NAMES utf8character-set-server = utf8启动服务#systemctl enable mariadb.service#systemctl start mariadb.service配置Mysql#mysql_secure_installation修改/usr/lib/systemd/system/mariadb.serviceService新添加两行如下参数：LimitNOFILE=10000LimitNPROC=10000重新加载系统服务，并重启mariadb服务# systemctl daemon-reload# service mariadb restart按enter确认后设置数据库root密码Remove anonymous users? Y/n yDisallow root login remotely? Y/n nRemove test database and access to it? Y/n yReload privilege tables now? Y/n y（2）compute节点#yum -y install MySQL-python1.12安装Mongo数据库服务#yum install -y mongodb-server mongodb编辑 /etc/mongod.conf文件删除bind_ip行修改 smallfiles = true#systemctl enable mongod.service#systemctl start mongod.service1.13安装RabbitMQ服务# yum install -y rabbitmq-serversystemctl enable rabbitmq-server.servicesystemctl restart rabbitmq-server.servicerabbitmqctl add_user openstack 000000rabbitmqctl set_permissions openstack .* .* .*1.14安装memcahce#yum install memcached python-memcachedsystemctl enable memcached.servicesystemctl restart memcached.service2 安装Keystone认证服务#Controller2.1 通过脚本安装keystone服务2.2-2.9的认证服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：# Controller节点执行脚本iaas-install-keystone.sh进行安装。2.2安装keystone服务软件包yum install -y openstack-keystone httpd mod_wsgi 2.3创建Keystone数据库# mysql u root -p（此处数据库密码为之前安装Mysql设置的密码）mysql CREATE DATABASE keystone;mysql GRANT ALL PRIVILEGES ON keystone.* TO keystonelocalhost IDENTIFIED BY KEYSTONE_DBPASS;mysql GRANT ALL PRIVILEGES ON keystone.* TO keystone% IDENTIFIED BY KEYSTONE_DBPASS;mysql exit2.4配置数据库连接#openstack-config -set /etc/keystone/keystone.conf database connection mysql+pymysql:/keystone:KEYSTONE_DBPASScontroller/keystone 2.5为keystone服务创建数据库表#su -s /bin/sh -c keystone-manage db_sync keystone2.6创建令牌#ADMIN_TOKEN=$(openssl rand -hex 10)#openstack-config -set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN#openstack-config -set /etc/keystone/keystone.conf token provider fernet2.7创建签名密钥和证书#keystone-manage fernet_setup -keystone-user keystone -keystone-group keystone修改/etc/httpd/conf/httpd.conf配置文件将ServerName :80 替换为ServerName controller创建/etc/httpd/conf.d/wsgi-keystone.conf文件，内容如下：Listen 5000Listen 35357 WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%GROUP WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %GLOBAL WSGIPassAuthorization On ErrorLogFormat %cut %M ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined Require all granted WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%GROUP WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %GLOBAL WSGIPassAuthorization On ErrorLogFormat %cut %M ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined Require all granted #systemctl enable httpd.service#systemctl start httpd.service2.8定义用户、租户和角色（1）设置环境变量export OS_TOKEN=$ADMIN_TOKENexport OS_URL=http:/controller:35357/v3export OS_IDENTITY_API_VERSION=3（2）创建keystone相关内容openstack service create -name keystone -description OpenStack Identity identityopenstack endpoint create -region RegionOne identity public http:/controller:5000/v3 openstack endpoint create -region RegionOne identity internal http:/controller:5000/v3openstack endpoint create -region RegionOne identity admin http:/controller:35357/v3openstack domain create -description Default Domain defaultopenstack project create -domain default -description Admin Project adminopenstack user create -domain default -password 000000 adminopenstack role create adminopenstack role add -project admin -user admin adminopenstack project create -domain default -description Service Project serviceopenstack project create -domain default -description Demo Project demoopenstack user create -domain default -password 000000 demoopenstack role create useropenstack role add -project demo -user demo user（3）清除环境变量#unset OS_TOKEN OS_URL2.9创建admin-openrc.sh创建admin环境变量admin-openrc.sh export OS_PROJECT_DOMAIN_NAME=defaultexport OS_USER_DOMAIN_NAME=defaultexport OS_PROJECT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=000000export OS_AUTH_URL=http:/controller:35357/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2生效环境变量#source admin-openrc.sh3 安装Glance镜像服务#Controller3.1 通过脚本安装glance服务3.2-3.9的镜像服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：# Controller 节点执行脚本iaas-install-glance.sh进行安装3.2 安装Glance镜像服务软件包# yum install -y openstack-glance 3.3创建Glance数据库#mysql -u root -pmysql CREATE DATABASE glance;mysql GRANT ALL PRIVILEGES ON glance.* TO glancelocalhost IDENTIFIED BY GLANCE_DBPASS;mysql GRANT ALL PRIVILEGES ON glance.* TO glance% IDENTIFIED BY GLANCE_DBPASS;3.4配置文件创建数据库连接# openstack-config -set /etc/glance/glance-api.conf database connection mysql+pymysql:/glance:GLANCE_DBPASScontroller/glance#openstack-config -set /etc/glance/glance-registry.conf database connection mysql+pymysql:/glance:GLANCE_DBPASScontroller/glance3.5为镜像服务创建数据库表# su -s /bin/sh -c glance-manage db_sync glance3.6创建用户openstack user create -domain default -password 000000 glanceopenstack role add -project service -user glance admin3.7配置镜像服务openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_uri http:/controller:5000openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_url http:/controller:35357openstack-config -set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_type passwordopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken project_domain_name defaultopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken user_domain_name defaultopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken project_name serviceopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken username glanceopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken password 000000openstack-config -set /etc/glance/glance-api.conf paste_deploy flavor keystoneopenstack-config -set /etc/glance/glance-api.conf paste_deploy config_file /usr/share/glance/glance-api-dist-paste.iniopenstack-config -set /etc/glance/glance-api.conf glance_store stores file,httpopenstack-config -set /etc/glance/glance-api.conf glance_store default_store fileopenstack-config -set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http:/controller:5000openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_url http:/controller:35357openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_type passwordopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name defaultopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name defaultopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken project_name serviceopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken username glanceopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken password 000000openstack-config -set /etc/glance/glance-registry.conf paste_deploy flavor keystoneopenstack-config -set /etc/glance/glance-registry.conf paste_deploy config_file /usr/share/glance/glance-registry-dist-paste.ini3.8创建Endpoint和API端点openstack service create -name glance -description OpenStack Image imageopenstack endpoint create -region RegionOne image public http:/controller:9292openstack endpoint create -region RegionOne image internal http:/controller:9292openstack endpoint create -region RegionOne image admin http:/controller:92923.9启动服务systemctl enable openstack-glance-api.service openstack-glance-registry.servicesystemctl restart openstack-glance-api.service openstack-g