OpenStack Deployment Manual

Contents

I. Server configuration
II. Component installation
III. Database installation and configuration
IV. Keystone configuration
V. Glance configuration
VI. Nova configuration
VII. Dashboard configuration
VIII. Image creation
Appendix 1: Configuration files
Appendix 2: Installation error handling

I. Server configuration

1. Download the Ubuntu 12.04 server edition.

URL: /precise/ubuntu-12.04-beta2-server-amd64.iso

2. Install the operating system

Perform a minimal installation: only the SSH server is needed, no other components. Once the operating system is installed, update the packages and the system from the package sources so that the latest package versions are in place. The commands are:

    apt-get update
    apt-get upgrade

Note: the network proxy configuration used while updating is as follows:

    root@ubuntu:/opt# cat /etc/apt/apt.conf
    Acquire::http::Proxy "36:8080/";

3. root privileges

    zhang@ubuntu:~$ sudo passwd
    [sudo] password for zhang:
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully

4. Network configuration

    root@ubuntu:/opt# cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 6
        netmask 28
        network
        broadcast 27
        gateway
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers

    auto eth1
    iface eth1 inet static
        address 30
        netmask 28
        network 28
        broadcast 55

II. Component installation

1. Bridge configuration

Install with apt-get as follows:

    apt-get install bridge-utils
    /etc/init.d/networking restart

2. NTP configuration

    apt-get install ntp

Edit /etc/ntp.conf and append the following 3 lines at the end:

    server iburst
    server
    fudge stratum 10

Restart the service:

    service ntp restart

3. iSCSI configuration

    apt-get install tgt
    /etc/init.d/tgt start
    apt-get install open-iscsi open-iscsi-utils

4. RabbitMQ configuration

    apt-get install rabbitmq-server memcached python-memcache
    apt-get install kvm libvirt-bin

III. Database installation and configuration

1. Install the database

    apt-get install mysql-server python-mysqldb

Edit /etc/mysql/my.cnf to allow network access to MySQL:

    #bind-address =
    bind-address =

Restart the MySQL service:

    /etc/init.d/mysql restart

2. Create the databases

    mysql -uroot -p123456
    CREATE DATABASE nova;
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
    quit

IV. Keystone configuration

1. Install Keystone

    apt-get install keystone python-keystone python-keystoneclient

2. Configure Keystone

Edit /etc/keystone/keystone.conf:

    [DEFAULT]
    #bind_host =
    public_port = 5000
    admin_port = 35357
    #admin_token = ADMIN
    admin_token = admin

    [sql]
    #connection = sqlite:////var/lib/keystone/keystone.db
    connection = mysql://keystone:123456@6/keystone

3. Restart the service

    service keystone restart

4. Synchronize the database

    keystone-manage db_sync

5. Import data and endpoints

For convenience, you can use the following 2 scripts to do all of the setup.

(1) keystone_data.sh: import user information

    wget /wp-content/uploads/2012/07/keystone_data.sh_.txt
    mv keystone_data.sh_.txt keystone_data.sh
    chmod +x keystone_data.sh

In the keystone_data.sh script, the default dashboard login password is chenshake and the token is chenshake. Adjust them to suit your environment. The first line is the dashboard login password. The third line is the Keystone token set above.

    ADMIN_PASSWORD=${ADMIN_PASSWORD:-123456}
    SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
    #export SERVICE_TOKEN=chenshake
    export SERVICE_TOKEN=admin
    export SERVICE_ENDPOINT=http://localhost:35357/v2.0
    SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
    ENABLED_SERVICES=swift

Verify that it works:

    ./keystone_data.sh    # no output at all means it succeeded
    echo $?               # 0 means the script ran correctly

(2) endpoints.sh: set up the endpoints

    wget /wp-content/uploads/2012/07/endpoints.sh_.txt
    mv endpoints.sh_.txt endpoints.sh
    chmod +x endpoints.sh

This script needs quite a few parameters:

    ./endpoints.sh -m 6 -u keystone -D keystone -p 123456 -T admin -K 6 -R RegionOne -E http://localhost:35357/v2.0 -S 6

Parameter descriptions:

    -m  mysql_hostname
    -u  mysql_username
    -D  mysql_database
    -p  mysql_password
    -K  Keystone server IP
    -R  keystone_region
    -E  keystone_endpoint_url
    -S  Swift proxy node IP
    -T  keystone_token

When it runs correctly, it prints a lot of output.

(3) Set the environment variables

Edit ~/.bashrc or /etc/profile (root@server1:~# vi ~/.bashrc) and add the following at the end of the file:

    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://localhost:5000/v2.0/

Verify:

    root@server1:~# source ~/.bashrc    # or /etc/profile
    root@server1:~# export | grep OS_
    declare -x OS_AUTH_URL="http://localhost:5000/v2.0/"
    declare -x OS_PASSWORD="123456"
    declare -x OS_TENANT_NAME="admin"
    declare -x OS_USERNAME="admin"

6. Test that Keystone is installed correctly

    keystone user-list
    keystone endpoint-list
    keystone tenant-list
    keystone user-list
    keystone role-list

If the tests succeed, Keystone is installed correctly.

V. Glance configuration

1. Install Glance

    apt-get install glance glance-api glance-client glance-common glance-registry python-glance

2. Configure Glance

Edit the two files /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini; in both, change the last 3 lines of the file:

    #admin_tenant_name = %SERVICE_TENANT_NAME%
    #admin_user = %SERVICE_USER%
    #admin_password = %SERVICE_PASSWORD%
    admin_tenant_name = service
    admin_user = glance
    # dashboard password
    admin_password = 123456

Edit /etc/glance/glance-registry.conf to use MySQL:

    #sql_connection = sqlite:////var/lib/glance/glance.sqlite
    sql_connection = mysql://glance:123456@01/glance

Edit /etc/glance/glance-registry.conf and /etc/glance/glance-api.conf and append these two lines at the end of both files:

    [paste_deploy]
    flavor = keystone

3. Synchronize the Glance database

    glance-manage version_control 0
    glance-manage db_sync

4. Restart the services

    service glance-api restart && service glance-registry restart

5. Set permanent environment variables

Edit ~/.bashrc or /etc/profile and append the following at the end:

    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://localhost:5000/v2.0/

Note: if the environment variables were already set in the Keystone section, they do not need to be configured again.

6. Test Glance

    glance index

No output means everything is normal, because there are no images yet.

VI. Nova configuration

1. Install Nova

    apt-get install nova-api nova-cert nova-compute nova-compute-kvm nova-doc nova-network nova-objectstore nova-scheduler nova-volume rabbitmq-server novnc nova-consoleauth

2. Configure Nova

Edit /etc/nova/nova.conf with vi. The external network address is 6. The internal network address is 30.

    --dhcpbridge_flagfile=/etc/nova/nova.conf
    --dhcpbridge=/usr/bin/nova-dhcpbridge
    --logdir=/var/log/nova
    --state_path=/var/lib/nova
    --lock_path=/run/lock/nova
    --allow_admin_api=true
    --use_deprecated_auth=false
    --auth_strategy=keystone
    --scheduler_driver=nova.scheduler.simple.SimpleScheduler
    --s3_host=6
    --ec2_host=6
    --rabbit_host=6
    --cc_host=6
    --nova_url=6:8774/v1.1/
    --routing_source_ip=6
    --glance_api_servers=6:9292
    --image_service=nova.image.glance.GlanceImageService
    --iscsi_ip_prefix=192.168.4
    --sql_connection=mysql://nova:123456@6/nova
    --ec2_url=6:8773/services/Cloud
    --keystone_ec2_url=6:5000/v2.0/ec2tokens
    --api_paste_config=/etc/nova/api-paste.ini
    --libvirt_type=kvm
    --libvirt_use_virtio_for_bridges=true
    --start_guests_on_host_boot=true
    --resume_guests_state_on_host_boot=true
    # vnc specific configuration
    --novnc_enabled=true
    --novncproxy_base_url=6:6080/vnc_auto.html
    --vncserver_proxyclient_address=6
    --vncserver_listen=6
    # network specific settings
    --network_manager=nova.network.manager.FlatDHCPManager
    --public_interface=eth0
    --flat_interface=eth1
    --flat_network_bridge=br100
    --fixed_range=30/25
    --floating_range=6/25
    --network_size=32
    --flat_network_dhcp_start=62
    --flat_injected=False
    --force_dhcp_release
    --iscsi_helper=tgtadm
    --connection_type=libvirt
    --root_helper=sudo nova-rootwrap
    --verbose

Edit /etc/nova/api-paste.ini with vi:

    #admin_tenant_name = %SERVICE_TENANT_NAME%
    #admin_user = %SERVICE_USER%
    #admin_password = %SERVICE_PASSWORD%
    admin_tenant_name = service
    admin_user = nova
    admin_password = 123456

3. Restart the related services

    /etc/init.d/libvirt-bin restart
    /etc/init.d/nova-network restart
    /etc/init.d/nova-compute restart
    /etc/init.d/nova-api restart
    /etc/init.d/nova-objectstore restart
    /etc/init.d/nova-scheduler restart
    /etc/init.d/nova-volume restart
    /etc/init.d/nova-consoleauth restart

4. Synchronize the database

    nova-manage db sync

5. Set directory permissions

    chown -R nova:nova /etc/nova
    chmod 644 /etc/nova/nova.conf

6. Create the fixed IPs (internal network IPs)

    nova-manage network create private --fixed_range_v4=30/25 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=32

7. Create the floating IPs (public network IPs)

    nova-manage floating create --ip_range=6/25

8. Restart the services

    /etc/init.d/libvirt-bin restart
    /etc/init.d/nova-network restart
    /etc/init.d/nova-compute restart
    /etc/init.d/nova-api restart
    /etc/init.d/nova-objectstore restart
    /etc/init.d/nova-scheduler restart
    /etc/init.d/nova-volume restart
    /etc/init.d/nova-consoleauth restart

9. Verification tests

    nova-manage service list
    nova list
    nova image-list
    nova floating-ip-create
    nova flavor-list
    nova secgroup-list
    nova secgroup-list-rules default

10. Open the remote connection ports

    nova secgroup-add-rule default tcp 22 22 /0
    nova secgroup-add-rule default icmp -1 -1 /0

VII. Dashboard configuration

1. Install the dashboard

    apt-get install openstack-dashboard

2. Restart Apache

    service apache2 restart

VIII. Image creation

Simply download the official prebuilt Ubuntu image:

    wget /precise/current/precise-server-cloudimg-amd64-disk1.img

Upload the image:

    glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < /root/precise-server-cloudimg-amd64-disk1.img

Appendix 1: Configuration files

keystone_data.sh

    #!/bin/bash
    #
    # Initial data for Keystone using python-keystoneclient
    #
    # Tenant               User      Roles
    # ------------------------------------------------------------------
    # admin                admin     admin
    # service              glance    admin
    # service              nova      admin, ResellerAdmin (swift only)
    # service              quantum   admin        # if enabled
    # service              swift     admin        # if enabled
    # demo                 admin     admin
    # demo                 demo      Member, anotherrole
    # invisible_to_admin   demo      Member
    #
    # Variables set before calling this script:
    # SERVICE_TOKEN - aka admin_token in keystone.conf
    # SERVICE_ENDPOINT - local Keystone admin endpoint
    # SERVICE_TENANT_NAME - name of tenant containing service accounts
    # ENABLED_SERVICES - stack.sh's list of services to start
    # DEVSTACK_DIR - Top-level DevStack directory

    #ADMIN_PASSWORD=${ADMIN_PASSWORD:-chenshake}
    ADMIN_PASSWORD=${ADMIN_PASSWORD:-$OS_PASSWORD}
    #SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
    #export SERVICE_TOKEN=chenshake
    #export SERVICE_ENDPOINT=http://localhost:35357/v2.0
    SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
    ENABLED_SERVICES=swift

    # Run a keystone command and print the id column of its output table
    function get_id () {
        echo $("$@" | awk '/ id / { print $4 }')
    }

    # Tenants
    ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
    SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
    #DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
    #INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)

    # Users
    ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=)
    #DEMO_USER=$(get_id keystone user-create --name=demo \
    #                                        --pass="$ADMIN_PASSWORD" \
    #                                        --email=)

    # Roles
    ADMIN_ROLE=$(get_id keystone role-create --name=admin)
    KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
    KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
    # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
    # TODO(sleepsonthefloor): show how this can be used for rbac in the future!
    ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)

    # Add Roles to Users in Tenants
    keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
    #keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
    #keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT

    # TODO(termie): these two might be dubious
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT

    # The Member role is used by Horizon and Swift so we need to keep it:
    MEMBER_ROLE=$(get_id keystone role-create --name=Member)
    #keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
    #keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT

    # Configure service users/roles
    NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=)
    keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $ADMIN_ROLE

    GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=)
    keystone user-role-add --tenant_id $SERVICE_TENANT --user $GLANCE_USER --role $ADMIN_ROLE

    if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
        SWIFT_USER=$(get_id keystone user-create --name=swift --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=)
        keystone user-role-add --tenant_id $SERVICE_TENANT --user $SWIFT_USER --role $ADMIN_ROLE
        # Nova needs ResellerAdmin role to download images when accessing
        # swift through the s3 api. The admin role in swift allows a user
        # to act as an admin for their tenant, but ResellerAdmin is needed
        # for a user to act as any tenant. The name of this role is also
        # configurable in swift-proxy.conf
        RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
        keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $RESELLER_ROLE
    fi

    if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
        QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=)
        keystone user-role-add --tenant_id $SERVICE_TENANT --user $QUANTUM_USER --role $ADMIN_ROLE
    fi

endpoints.sh configuration file

    #!/bin/sh
    #
    # Author: Martin Gerhard Loschwitz
    # (c) 2012 hastexo Professional Services GmbH
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     /licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    #
    # On Debian-based systems the full text of the Apache version 2.0
    # license can be found in `/usr/share/common-licenses/Apache-2.0'.

    # MySQL definitions
    MYSQL_USER=keystone
    MYSQL_DATABASE=keystone
    MYSQL_PASSWORD=$MYSQL_PASS
    MYSQL_HOST=$MASTER
    #MYSQL_HOST=localhost

    # Keystone definitions
    KEYSTONE_REGION=RegionOne
    #SERVICE_TOKEN=password
    SERVICE_ENDPOINT="http://localhost:35357/v2.0"

    # other definitions
    #MASTER=localhost

    while getopts "u:D:p:m:K:R:E:S:T:vh" opt; do
      case $opt in
        u)
          MYSQL_USER=$OPTARG
          ;;
        D)
          MYSQL_DATABASE=$OPTARG
          ;;
        p)
          MYSQL_PASSWORD=$OPTARG
          ;;
        m)
          MYSQL_HOST=$OPTARG
          ;;
        K)
          MASTER=$OPTARG
          ;;
        R)
          KEYSTONE_REGION=$OPTARG
          ;;
        E)
          export SERVICE_ENDPOINT=$OPTARG
          ;;
        S)
          SWIFT_MASTER=$OPTARG
          ;;
        T)
          export SERVICE_TOKEN=$OPTARG
          ;;
        v)
          set -x
          ;;
        h)
          cat &2
          exit 1
          ;;
        :)
          echo "Option -$OPTARG requires an argument" >&2
          exit 1
          ;;
      esac
    done

    if [ -z "$KEYSTONE_REGION" ]; then
      echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
      missing_args=true
    fi

    if [ -z "$SERVICE_TOKEN" ]; then
      echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
      missing_args=true
    fi

    if [ -z "$SERVICE_ENDPOINT" ]; then
      echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
      missing_args=tru
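The configuration steps above set admin_token = admin, reuse 123456 in every connection string and admin_password, and run chmod 644 on /etc/nova/nova.conf, which holds the database credentials. The following check flags exactly those conditions in ini-style and "--key=value" style files; it is an added example, not part of the original manual or of OpenStack, and its function names, the 16-character floor and the db.example host are assumptions.

```python
import re
import stat

# Secrets that appear in the manual or ship as defaults: all guessable.
WEAK_SECRETS = {"admin", "ADMIN", "123456", "password", "chenshake"}
SECRET_KEYS = {"admin_token", "admin_password"}
DB_URL = re.compile(r"^\w+://[^:/@]+:(?P<pw>[^@]*)@")


def weak(secret):
    """Guessable: a known default, under 16 characters (assumed floor), or digits only."""
    return secret in WEAK_SECRETS or len(secret) < 16 or secret.isdigit()


def settings(text):
    """Yield (key, value) from ini lines and from '--key=value' flag lines."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield key.strip().lstrip("-"), value.strip()


def audit(name, text, mode):
    """Return findings for one config file, given its text and st_mode."""
    findings, holds_secret = [], False
    for key, value in settings(text):
        secret = value if key in SECRET_KEYS else None
        if key in ("connection", "sql_connection"):
            match = DB_URL.match(value)
            secret = match.group("pw") if match else None
        if secret is None:
            continue
        holds_secret = True
        if weak(secret):
            findings.append(f"{name}: {key} uses a guessable secret")
    if holds_secret and mode & stat.S_IROTH:
        findings.append(f"{name}: world-readable but holds credentials")
    return findings


# Constructed samples mirroring the manual; db.example is a placeholder host.
KEYSTONE = "[DEFAULT]\nadmin_token = admin\n[sql]\nconnection = mysql://keystone:123456@db.example/keystone\n"
NOVA = "--auth_strategy=keystone\n--sql_connection=mysql://nova:123456@db.example/nova\n--verbose\n"


def demo():
    return audit("keystone.conf", KEYSTONE, 0o640) + audit("nova.conf", NOVA, 0o644)
```

On a real host, pass each file's contents and `os.stat(path).st_mode` to `audit`; an empty list means none of the three conditions was found.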
