OpenStack Kilo install

December 29, 2015

Contents

1. Lab topology
2. Base system installation
3. Post-installation steps
    3.1 Creating the local yum repository
    3.2 Preparing the network yum repositories
    3.3 Other related operations
4. Building the cluster
    4.1 Configuring each node
    4.2 Verifying each network
5. Basic configuration of the cluster environment
    5.1 Controller node server
    5.2 Other nodes
    5.3 Installing the base packages on the management node
6. Keystone identity service
    6.1 Installation and configuration
    6.2 Verifying the keystone service
    6.3 Creating the OpenStack user scripts
7. Glance image service
    7.1 Adding the service to keystone
    7.2 Installation and configuration
    7.3 Verifying the service
8. Block storage service
    8.1 Adding the service to keystone
    8.2 Installing and configuring the service
        A. Configuring the controller node
        B. Installing and configuring the storage node
    8.3 Verifying the service
9. Object storage service
    9.1 Adding the service to keystone
    9.2 Installation and configuration
        A. Installing and configuring the management node
        B. Installing and configuring the storage node
        C. Operations on the management node
    9.3 Verifying the service
10. Nova service
    10.1 Adding the service to keystone
    10.2 Installation and configuration
        A. Management node operations
        B. Compute node operations
    10.3 Verifying the service
11. Neutron service
    11.1 Adding the service to keystone
    11.2 Installation and configuration
        A. Installing and configuring the management node
        B. Configuring the network node (merged with the management node)
        C. Configuring the compute node
    11.3 Service verification
    11.4 Network verification
12. Horizon
    12.1 Installation and configuration
    12.2 Login test
13. Troubleshooting
    13.1 Firewall
    13.2 ERROR: the server has either erred or is incapable of performing the requested operation
    13.3 Fixing VNC access
    13.4 Virtual machines cannot obtain an IP
    13.4 Final configuration files
14. Virtual machine operations

1. Lab topology

The lab computer has an i7 CPU, 16 GB of memory and 150 GB of disk space. The CentOS 7.1 image is CentOS-7-x86_64-Everything-1503-01.iso; adjust this to your own situation. The VMware Workstation version is 11.1.

Table 1.1 Actual OpenStack installation topology

The network adapters are configured as follows. This lab uses a loopback adapter for internal communication; the other adapters are bridged to the wireless adapter.

Figure 1.1 VM virtual network configuration
Figure 1.2 Virtual machine interface configuration
Figure 1.3 Adding and configuring network interfaces

Configure the MAC addresses of the base system by hand.

Figure 1.4 Network interface MAC address configuration

2. Base system installation

The operating system is CentOS 7.1, image CentOS-7-x86_64-Everything-1503-01.iso. The installation process can be followed from the screenshots below.

Figure 2.1 Installation language selection
Figure 2.2 Basic installation settings
Figure 2.3 Installing the virtualization tools

It is best to install with a single network adapter and add the others after installation.

Figure 2.4 Network options
Figure 2.5 Password setup and installation progress
Figure 2.6 Installation complete

3. Post-installation steps

The freshly installed operating system cannot be cloned directly; a few steps are needed first, otherwise the network will have problems. For convenience, a local yum repository and some shortcut commands are set up here.

3.1 Creating the local yum repository

Mounting the system image

Figure 3.1 Automatic mount settings
Figure 3.2 Local yum configuration file
Figure 3.3 Creating command aliases

3.2 Preparing the network yum repositories

1. Install the yum-plugin-priorities package to enable relative priorities between repositories:

    # yum install yum-plugin-priorities

2. On RHEL and CentOS, enable the EPEL repository:

    # yum install /pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Note: Fedora does not need this repository.

Install the rdo-release-kilo package to enable the RDO repository:

    # yum install /openstack-kilo/rdo-release-kilo.rpm

SELinux handling:

    # yum install openstack-selinux

3.3 Other related operations

Figure 3.4 Removing hwaddr and uuid from the network adapter configuration

Note: the external interface of the network node must keep its hwaddr and uuid; back them up first. The external network interface uses a special configuration and is not assigned an IP address. Configure the third interface as the external network interface.

Figure 3.5 External adapter settings on the network node

Changing the hostname:

    # hostnamectl set-hostname controller

Adding hosts resolution:

    # cat /etc/hosts

Configure the address of each interface; for base it is as follows.

Figure 3.6 Adapter configuration on the management node

4. Building the cluster

Build the cluster environment according to the topology above. Every node is cloned from the base image built earlier, after which the hostname and the MAC/IP addresses are changed. This is not described in detail here.

4.1 Configuring each node

Management node + network node
Figure 4.1 Adapter configuration on the management node

Compute node
Figure 4.2 Adapter configuration on the compute node

Storage node
Figure 4.3 Adapter configuration on the storage node

Hostname
Figure 4.4 Hostname configuration

4.2 Verifying each network

Management + compute node
Figure 4.5 Network verification on the management node

Compute node
Figure 4.6 Network verification on the compute node

Storage node
Figure 4.7 Network verification on the storage node

5. Basic configuration of the cluster environment

NTP must be installed so that services are correctly synchronized between the nodes. We recommend configuring the controller node to reference more accurate (lower stratum) servers and the other nodes to reference the controller node.

5.1 Controller node server

Install the software:

    # yum install ntp

Configure the NTP service in /etc/ntp.conf. If the controller node is named controller, the following can be used directly:

    server controller iburst
    restrict -4 default kod notrap nomodify
    restrict -6 default kod notrap nomodify

    # systemctl enable ntpd.service
    # systemctl start ntpd.service

Other nodes

Installing, configuring and starting NTP:

    # yum install ntp

Edit /etc/ntp.conf and comment out the other server options:

    server controller iburst

    # systemctl enable ntpd.service
    # systemctl start ntpd.service

Verifying NTP

Controller node:

    # ntpq -c peers
    # ntpq -c assoc

Figure 5.1 Time synchronization verification on the management node

5.2 Other nodes

    # ntpq -c peers
    # ntpq -c assoc

Figure 5.2 Time synchronization verification on the compute node
Figure 5.3 Time synchronization verification on the storage node

5.3 Installing the base packages on the management node

Install and configure the database service.

1. Install the packages. Note that the Python MySQL library is compatible with MariaDB.

    # yum install mariadb mariadb-server MySQL-python

Installation complete.

Figure 5.4 mariadb configuration file f
Figure 5.5 mariadb configuration file mariadb_f

1. Start the database service and configure it to start at boot:

    # systemctl enable mariadb.service
    # systemctl start mariadb.service

2. Harden the database (including setting a suitable password for the database user root):

    # mysql_secure_installation

    # yum install rabbitmq-server
    # systemctl enable rabbitmq-server.service
    # systemctl start rabbitmq-server.service
    # rabbitmqctl change_password guest RABBIT_PASS

6. Keystone identity service

Once the OpenStack Identity service is installed, every service in the OpenStack installation must be registered with it. The Identity service can then track which OpenStack services are installed and locate them on the network.

6.1 Installation and configuration

This section installs and configures the OpenStack Identity service. Here keystone is integrated into the httpd service. These are mainly management node operations.

Database operations:

    # mysql -u root -p
    # mysql -uroot -p

    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

    # mysql -u keystone -pKEYSTONE_DBPASS

Generate a random value to use as the administrator token during the initial configuration:

    # openssl rand -hex 10
    b4412dace9a513f0dacf

Run the following command to install the packages:

    # yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached -y

Start the Memcached service and enable it at boot:

    # systemctl enable memcached.service
    # systemctl start memcached.service

Configure /etc/keystone/keystone.conf with the following content:

    [DEFAULT]
    admin_token = b4412dace9a513f0dacf
    verbose = True

    [database]
    connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

    [memcache]
    servers = localhost:11211

    [token]
    provider = viders.uuid.Provider
    driver = keystone.token.persistence.backends.memcache.Token

    [revoke]
    driver = keystone.contrib.revoke.backends.sql.Revoke

Initialize the identity service database:

    # su -s /bin/sh -c "keystone-manage db_sync" keystone

/etc/httpd/conf/httpd.conf:

    ServerName controller

/etc/httpd/conf.d/wsgi-keystone.conf:

    Listen 5000
    Listen 35357

    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /var/www/cgi-bin/keystone/main
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>

    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>

Create the WSGI directory:

    # mkdir -p /var/www/cgi-bin/keystone

Generate the main and admin files:

    # curl /cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

Set the permissions:

    # chown -R keystone:keystone /var/www/cgi-bin/keystone
    # chmod 755 /var/www/cgi-bin/keystone/*

Enable the httpd service at boot and start it:

    # systemctl enable httpd.service
    # systemctl start httpd.service

Configure the administrator token:

    # export OS_TOKEN=b4412dace9a513f0dacf
    # export OS_URL=http://controller:35357/v2.0

Create the service entity and the identity service endpoint:

    # openstack service create --name keystone --description "OpenStack Identity" identity
    # openstack endpoint create --publicurl http://controller:5000/v2.0 --internalurl http://controller:5000/v2.0 --adminurl http://controller:35357/v2.0 --region RegionOne identity

(Snapshot)

Create the admin tenants, users, and roles:

    # openstack project create --description "Admin Project" admin
    # openstack user create --password-prompt admin

Password: 140511720

    # openstack role create admin
    # openstack role add --project admin --user admin admin
    # openstack project create --description "Service Project" service
    # openstack project create --description "Demo Project" demo
    # openstack user create --password-prompt demo

Password: 140511720

Create the demo user:

    # openstack role create user
    # openstack role add --project demo --user demo user

    ERROR: openstack Authorization Failed: Cannot authenticate without an auth_url

6.2 Verifying the keystone service

    # unset OS_TOKEN OS_URL
    # openstack --os-auth-url http://controller:35357 --os-project-name admin --os-username admin --os-auth-type password token issue
    # openstack --os-auth-url http://controller:35357 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
    # openstack --os-auth-url http://controller:35357 --os-project-name admin --os-username admin --os-auth-type password project list
    # openstack --os-auth-url http://controller:35357 --os-project-name admin --os-username admin --os-auth-type password user list
    # openstack --os-auth-url http://controller:35357 --os-project-name admin --os-username admin --os-auth-type password role list
    # openstack --os-auth-url http://controller:5000 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue
    # openstack --os-auth-url http://controller:5000 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password user list

6.3 Creating the OpenStack user scripts

    # vi admin-openrc.sh

    export OS_PROJECT_DOMAIN_ID=default
    export OS_USER_DOMAIN_ID=default
    export OS_PROJECT_NAME=admin
    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=ADMIN_PASS
    export OS_AUTH_URL=http://controller:35357/v3

demo-openrc.sh:

    export OS_PROJECT_DOMAIN_ID=default
    export OS_USER_DOMAIN_ID=default
    export OS_PROJECT_NAME=demo
    export OS_TENANT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=DEMO_PASS
    export OS_AUTH_URL=http://controller:5000/v3

Remember to change the passwords accordingly.

7. Glance image service

7.1 Adding the service to keystone

Create the database:

    # mysql -u root -p

    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

Create the service and endpoint:

    # source admin-openrc.sh
    # openstack user create --password-prompt glance
    # openstack role add --project service --user glance admin
    # openstack service create --name glance --description "OpenStack Image service" image
    # openstack endpoint create --publicurl http://controller:9292 --internalurl http://controller:9292 --adminurl http://controller:9292 --region RegionOne image

7.2 Installation and configuration

Install the packages:

    # yum install openstack-glance python-glance python-glanceclient -y

Configure the service:

    # vi /etc/glance/glance-api.conf

(Snapshot)

    [database]
    connection = mysql://glance:GLANCE_DBPASS@controller/glance

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = glance
    password = 14051172

    [paste_deploy]
    flavor = keystone

    [glance_store]
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images/

    [DEFAULT]
    notification_driver = noop
    verbose = True

/etc/glance/glance-registry.conf:

    [database]
    connection = mysql://glance:GLANCE_DBPASS@controller/glance

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = glance
    password = 140511720

    [paste_deploy]
    flavor = keystone

    [DEFAULT]
    notification_driver = noop
    verbose = True

Initialize the image service database:

    # su -s /bin/sh -c "glance-manage db_sync" glance

Enable the services at boot and start them:

    # systemctl enable openstack-glance-api.service openstack-glance-registry.service
    # systemctl start openstack-glance-api.service openstack-glance-registry.service

Add the environment variable:

    # echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
    # source admin-openrc.sh

Download the demo image:

    # yum install -y wget
    # wget /0.3.4/cirros-0.3.4-x86_64-disk.img

7.3 Verifying the service

Upload the image:

    # glance image-create --name "cirros-0.3.4-x86_64" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress

List the images:

    # glance image-list

Figure 7.1 Image list

8. Block storage service

8.1 Adding the service to keystone

Database operations:

    # mysql -u root -p

    CREATE DATABASE cinder;
    GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';

    # source admin-openrc.sh
    # openstack user create --password-prompt cinder
    # openstack role add --project service --user cinder admin
    # openstack service create --name cinder --description "OpenStack Block Storage" volume
    # openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
    # openstack endpoint create --publicurl http://controller:8776/v2/%\(tenant_id\)s --internalurl http://controller:8776/v2/%\(tenant_id\)s --adminurl http://controller:8776/v2/%\(tenant_id\)s --region RegionOne volume
    # openstack endpoint create --publicurl http://controller:8776/v2/%\(tenant_id\)s --internalurl http://controller:8776/v2/%\(tenant_id\)s --adminurl http://controller:8776/v2/%\(tenant_id\)s --region RegionOne volumev2

8.2 Installing and configuring the service

A. Configuring the controller node

    # yum install openstack-cinder python-cinderclient python-oslo-db -y
    # cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf
    # chown -R cinder:cinder /etc/cinder/cinder.conf

Edit the configuration in /etc/cinder/cinder.conf:

    [database]
    connection = mysql://cinder:CINDER_DBPASS@controller/cinder

    [DEFAULT]
    rpc_backend = rabbit
    auth_strategy = keystone
    my_ip = 1
    verbose = True

    [oslo_messaging_rabbit]
    rabbit_host = controller
    rabbit_userid = openstack
    # 140511720
    rabbit_password = RABBIT_PASS

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = cinder
    password = CINDER_PASS

    [oslo_concurrency]
    lock_path = /var/lock/cinder

(Snapshot 11.23)

    # su -s /bin/sh -c "cinder-manage db sync" cinder
    # systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
    # systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

B. Installing and configuring the storage node (performed on storage)

Install two disks.

    # yum install qemu
    # yum install lvm2
    # systemctl enable lvm2-lvmetad.service
    # systemctl start lvm2-lvmetad.service
    # fdisk -l
    # pvcreate /dev/sdc
    # vgcreate cinder-volumes /dev/sdc

/etc/lvm/lvm.conf:

    filter = [ "a/sdc/", "r/.*/" ]

    # yum install openstack-cinder targetcli python-oslo-db python-oslo-log MySQL-python -y

/etc/cinder/cinder.conf:

    [database]
    connection = mysql://cinder:CINDER_DBPASS@controller/cinder

    [DEFAULT]
    rpc_backend = rabbit
    auth_strategy = keystone
    my_ip = 0
    enabled_backends = lvm
    glance_host = controller
    verbose = True

    [oslo_messaging_rabbit]
    rabbit_host = controller
    rabbit_userid = openstack
    rabbit_password = RABBIT_PASS

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = cinder
    password = cinder

    [lvm]
    volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
    volume_group = cinder-volumes
    iscsi_protocol = iscsi
    iscsi_helper = lioadm

    [oslo_concurrency]
    lock_path = /var/lock/cinder

    # systemctl enable openstack-cinder-volume.service target.service
    # firewall-cmd --zone=public --add-port=3306/tcp --permanent
    # firewall-cmd --reload

Controller:

    # source admin-openrc.sh
    # cinder service-list
    # firewall-cmd --zone=public --add-port=5672/tcp --permanent
    # firewall-cmd --reload

8.3 Verifying the service

    # echo "export OS_VOLUME_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
    # source admin-openrc.sh
    # cinder service-list

Figure 8.1 Block storage service list

    # source demo-openrc.sh
    # cinder create --name demo-volume1 1

Figure 8.2 Volume creation example

9. Object storage service

9.1 Adding the service to keystone

Note that object storage does not use a database.

    # source admin-openrc.sh
    # openstack user create --password-prompt swift
    # openstack role add --project service --user swift admin
    # openstack service create --name swift --description "OpenStack Object Storage" object-store
    # openstack endpoint create --publicurl http://controller:8080/v1/AUTH_%\(tenant_id\)s --internalurl http://controller:8080/v1/AUTH_%\(tenant_id\)s --adminurl http://controller:8080 --region RegionOne object-store

9.2 Installation and configuration

A. Installing and configuring the management node

    # yum install openstack-swift-proxy python-swiftclient python-keystone-auth-token python-keystonemiddleware memcached -y
    # curl -o /etc/swift/proxy-server.conf /cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/kilo

/etc/swift/proxy-server.conf:

    [DEFAULT]
    bind_port = 8080
    user = swift
    swift_dir = /etc/swift

    [pipeline:main]
    pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo proxy-logging proxy-server

    [app:proxy-server]
    account_autocreate = true

    [filter:keystoneauth]
    use = egg:swift#keystoneauth
    operator_roles = admin,user

    [filter:authtoken]
    paste.filter_factory = keystonemiddleware.auth_token:filter_factory
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = swift
    password = swift
    delay_auth_decision = true

    [filter:cache]
    memcache_servers = :11211

B. Installing and configuring the storage node

    # yum install xfsprogs rsync

View the disk information:

    # fdisk -l
    # mkfs.xfs /dev/sdb
    # mkdir -p /srv/node/sdb

/etc/fstab:

    /dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2

    # mount /srv/node/sdb
    # mount -a

/etc/rsyncd.conf:

    uid = swift
    gid = swift
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    address = MANAGEMENT_INTERFACE_IP_ADDRESS

    [account]
    max connections = 2
    path = /srv/node/
    read only = false
    lock file = /var/lock/account.lock

    [container]
    max connections = 2
    path = /srv/node/
    read only = false
    lock file = /var/lock/container.lock

    [object]
    max connections = 2
    path = /srv/node/
    read only = false
    lock file = /var/lock/object.lock

    # systemctl enable rsyncd.se
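Section 6.3 ends with a reminder to change the placeholder passwords, and section 6.1 writes an administrator token into keystone.conf for the initial configuration. The script below is an added example, not part of the original document: it checks a config or openrc file for placeholder values such as KEYSTONE_DBPASS or ADMIN_PASS that were never replaced, for an admin_token that is still set, and for permissions that let other local users read the file. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit OpenStack config and
# openrc files for secrets left at the guide's placeholder values.

# Print one finding per line for the given file; print nothing if it is clean.
audit_openstack_file() {
    file=$1
    # Characters 8-10 of `ls -l` output are the permission bits for "other".
    perms=$(ls -ld -- "$file" | cut -c8-10)
    [ "$perms" = "---" ] || echo "$file: other users have access ($perms)"
    awk -v f="$file" '
        /^[ \t]*#/ { next }                     # ignore commented-out lines
        # Matches KEYSTONE_DBPASS, RABBIT_PASS, ADMIN_PASS; not OS_PASSWORD.
        /[A-Z]+_(DB)?PASS([^A-Z_]|$)/ {
            print f ":" NR ": placeholder secret was never replaced"
        }
        /^[ \t]*admin_token[ \t]*=/ {
            print f ":" NR ": bootstrap admin_token is still configured"
        }
    ' "$file"
}

# Number of findings for a file (0 means clean).
count_findings() {
    audit_openstack_file "$1" | wc -l | tr -d ' '
}

# Constructed sample files that mirror the snippets in this guide.
make_samples() {
    dir=$1
    cat > "$dir/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
EOF
    cat > "$dir/admin-openrc.sh" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=s3cret-constructed-value
export OS_AUTH_URL=http://controller:35357/v3
EOF
    chmod 644 "$dir/keystone.conf"
    chmod 600 "$dir/admin-openrc.sh"
}

if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_samples "$tmp"
    audit_openstack_file "$tmp/keystone.conf"
    audit_openstack_file "$tmp/admin-openrc.sh"
    rm -rf "$tmp"
fi
```

Run it with the argument demo to audit the constructed samples, or source it and call audit_openstack_file on files such as /etc/keystone/keystone.conf and admin-openrc.sh.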
