OpenStack Deployment Manual
Contents

I. Server configuration
II. Component installation
III. Database installation and configuration
IV. Keystone configuration
V. Glance configuration
VI. Nova configuration
VII. Dashboard configuration
VIII. Image creation
Appendix 1: Configuration files
Appendix 2: Installation error handling

I. Server configuration

1. Download the Ubuntu 12.04 server edition
Address: http://releases.ubuntu.com/precise/ubuntu-12.04-beta2-server-amd64.iso

2. Install the OS
Do a minimal installation of the operating system: only the SSH server needs to be installed, no other components. Once the operating system is installed, update the package lists and the system so that the latest package versions are in place. The commands are:

    apt-get update
    apt-get upgrade

Note: the network proxy configuration used while updating is as follows:

    root@ubuntu:/opt# cat /etc/apt/apt.conf
    Acquire::http::Proxy "36:8080/";

3. Root privileges

    zhang@ubuntu:~$ sudo passwd
    [sudo] password for zhang:
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully

4. Network configuration

    root@ubuntu:/opt# cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    iface eth0 inet static
    address 133.64.96.26
    netmask 28
    network
    broadcast 27
    gateway
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers

    auto eth1
    iface eth1 inet static
    address 30
    netmask 28
    network 28
    broadcast 192.168.3.255

II. Component installation

1. Bridge configuration
Install with apt-get as follows:

    apt-get install bridge-utils
    /etc/init.d/networking restart

2. NTP configuration

    apt-get install ntp

Edit /etc/ntp.conf and add the following 3 lines at the end:

    server iburst
    server
    fudge stratum 10

Restart the service:

    service ntp restart

3. iSCSI configuration

    apt-get install tgt
    /etc/init.d/tgt start
    apt-get install open-iscsi open-iscsi-utils

4. RabbitMQ configuration

    apt-get install rabbitmq-server memcached python-memcache
    apt-get install kvm libvirt-bin

III. Database installation and configuration

1. Install the database

    apt-get install mysql-server python-mysqldb

Edit /etc/mysql/f to allow network access to MySQL:

    #bind-address =
    bind-address =

Restart the MySQL service:

    /etc/init.d/mysql restart

2. Create the required databases

    mysql -uroot -p123456
    CREATE DATABASE nova;
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
    quit

IV. Keystone configuration

1. Install Keystone

    apt-get install keystone python-keystone python-keystoneclient

2. Configure Keystone
Edit /etc/keystone/keystone.conf:

    [DEFAULT]
    #bind_host =
    public_port = 5000
    admin_port = 35357
    #admin_token = ADMIN
    admin_token = admin

    [sql]
    #connection = sqlite:////var/lib/keystone/keystone.db
    connection = mysql://keystone:1234566/keystone

3. Restart the service

    service keystone restart

4. Synchronize the database

    keystone-manage db_sync

5. Import the data and endpoints
For convenience, you can use the following 2 scripts to do all of the setup.

(1) keystone_data.sh: import the user information

    wget
    mv keystone_data.sh_.txt keystone_data.sh
    chmod +x keystone_data.sh

In the keystone_data.sh script, the default dashboard login password is chenshake and the token is chenshake. You can adjust them to suit your situation. The first line is the dashboard login password. The third line is the Keystone token set above.

    ADMIN_PASSWORD=${ADMIN_PASSWORD:-123456}
    SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
    #export SERVICE_TOKEN="chenshake"
    export SERVICE_TOKEN="admin"
    export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
    SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
    ENABLED_SERVICES="swift"

Verify that it works:

    ./keystone_data.sh

No output at all means it is correct.

    echo $?

If this shows 0, the script ran correctly.

(2) endpoints.sh: set up the endpoints

    wget
    mv endpoints.sh_.txt endpoints.sh
    chmod +x endpoints.sh

This script needs quite a few parameters to run:

    ./endpoints.sh -m 6 -u keystone -D keystone -p 123456 -T admin -K 6 -R RegionOne -E "http://localhost:35357/v2.0" -S 6

Parameter description:

    -m mysql_hostname
    -u mysql_username
    -D mysql_database
    -p mysql_password
    -K Keystone server IP
    -R keystone_region
    -E keystone_endpoint_url
    -S Swift proxy node IP
    -T keystone_token

When it runs normally, it prints a lot of output.

(3) Set the environment variables

    root@server1:~# vi ~/.bashrc     (or /etc/profile)

At the end of the file, add:

    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://localhost:5000/v2.0/

Verify:

    root@server1:~# source ~/.bashrc     (or /etc/profile)
    root@server1:~# export | grep OS_

    declare -x OS_AUTH_URL="http://localhost:5000/v2.0/"
    declare -x OS_PASSWORD="123456"
    declare -x OS_TENANT_NAME="admin"
    declare -x OS_USERNAME="admin"

6. Test whether Keystone is installed correctly

    keystone user-list
    keystone endpoint-list
    keystone tenant-list
    keystone user-list
    keystone role-list

For example:

    root@ubuntu:~# keystone user-list
    +----------------------------------+---------+---------------------+--------+
    |                id                | enabled |        email        |  name  |
    +----------------------------------+---------+---------------------+--------+
    | 42780b5ff9B464b81aS76ccd97bcc293 | True    | nova@chenshake.com  | nova   |
    | 63O1152b46a6MdS0a29Olca6bcS88aaf | True    | admin@chenshake.com | admin  |
    | 82f66al42fe6435b9S0ca0ebd0ade2d0 | True    | swift@chenshake.com | swift  |
    | b6cfl2fele2a4b2S8f02Sc0b6b0edl60 | True    | glance@chenshake.com| glance |
    +----------------------------------+---------+---------------------+--------+

If the test succeeds, Keystone is installed correctly.

V. Glance configuration

1. Install Glance

    apt-get install glance glance-api glance-client glance-common glance-registry python-glance

2. Configure Glance
Edit the two files /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini; in both, change the last 3 lines of the file:

    #admin_tenant_name = %SERVICE_TENANT_NAME%
    #admin_user = %SERVICE_USER%
    #admin_password = %SERVICE_PASSWORD%
    admin_tenant_name = service
    admin_user = glance
    # dashboard password
    admin_password = 123456

Edit /etc/glance/glance-registry.conf and change it to use MySQL:

    #sql_connection = sqlite:////var/lib/glance/glance.sqlite
    sql_connection = mysql://glance:12345601/glance

Edit /etc/glance/glance-registry.conf and /etc/glance/glance-api.conf, and in both add two lines at the end of the file:

    [paste_deploy]
    flavor = keystone

3. Synchronize the Glance database

    glance-manage version_control 0
    glance-manage db_sync

4. Restart the services

    service glance-api restart && service glance-registry restart

5. Set permanent environment variables
Edit ~/.bashrc or /etc/profile and add the following at the end:

    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://localhost:5000/v2.0/

Note: if the environment variables were already set in the Keystone section, they do not need to be configured again.

6. Test Glance

    glance index

No output means it is working, because there are no images yet.

VI. Nova configuration

nova-network

1. Install Nova

    apt-get install nova-api nova-cert nova-compute nova-compute-kvm nova-doc nova-objectstore nova-scheduler nova-volume rabbitmq-server novnc nova-consoleauth

2. Configure Nova
Use vi /etc/nova/nova.conf to edit the file. External address: 6. Internal address: 30.

    --dhcpbridge_flagfile=/etc/nova/nova.conf
    --dhcpbridge=/usr/bin/nova-dhcpbridge
    --logdir=/var/log/nova
    --state_path=/var/lib/nova
    --lock_path=/run/lock/nova
    --allow_admin_api=true
    --use_deprecated_auth=false
    --auth_strategy=keystone
    --scheduler_driver=nova.scheduler.simple.SimpleScheduler
    --s3_host=6
    --ec2_host=6
    --rabbit_host=6
    --cc_host=6
    --nova_url=6:8774/v1.1/
    --routing_source_ip=6
    --glance_api_servers=6:9292
    --image_service=nova.image.glance.GlanceImageService
    --iscsi_ip_prefix=192.168.4
    --sql_connection=mysql://nova:1234566/nova
    --ec2_url=6:8773/services/Cloud
    --keystone_ec2_url=6:5000/v2.0/ec2tokens
    --api_paste_config=/etc/nova/api-paste.ini
    --libvirt_type=kvm
    --libvirt_use_virtio_for_bridges=true
    --start_guests_on_host_boot=true
    --resume_guests_state_on_host_boot=true
    # vnc specific configuration
    --novnc_enabled=true
    --novncproxy_base_url=6:6080/vnc_auto.html
    --vncserver_proxyclient_address=6
    --vncserver_listen=6
    # network specific settings
    --network_manager=work.manager.FlatDHCPManager
    --public_interface=eth0
    --flat_interface=eth1
    --flat_network_bridge=br100
    --fixed_range=30/25
    --floating_range=6/25
    --network_size=32
    --flat_network_dhcp_start=192.168.4.162
    --flat_injected=False
    --force_dhcp_release
    --iscsi_helper=tgtadm
    --connection_type=libvirt
    --root_helper=sudo nova-rootwrap
    --verbose

Use vi /etc/nova/api-paste.ini to edit the file:

    #admin_tenant_name = %SERVICE_TENANT_NAME%
    #admin_user = %SERVICE_USER%
    #admin_password = %SERVICE_PASSWORD%
    admin_tenant_name = service
    admin_user = nova
    admin_password = 123456

3. Restart the related services

    /etc/init.d/libvirt-bin restart
    /etc/init.d/nova-network restart
    /etc/init.d/nova-compute restart
    /etc/init.d/nova-api restart
    /etc/init.d/nova-objectstore restart
    /etc/init.d/nova-scheduler restart
    /etc/init.d/nova-volume restart
    /etc/init.d/nova-consoleauth restart

4. Synchronize the database

    nova-manage db sync

5. Set directory permissions

    chown -R nova:nova /etc/nova
    chmod 644 /etc/nova/nova.conf

6. Create the fixed IPs (internal network IPs)

    nova-manage network create private --fixed_range_v4=30/25 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=32

7. Create the floating IPs (public network IPs)

    nova-manage floating create --ip_range=6/25

8. Restart the services

    /etc/init.d/libvirt-bin restart
    /etc/init.d/nova-network restart
    /etc/init.d/nova-compute restart
    /etc/init.d/nova-api restart
    /etc/init.d/nova-objectstore restart
    /etc/init.d/nova-scheduler restart
    /etc/init.d/nova-volume restart
    /etc/init.d/nova-consoleauth restart

9. Verification tests

    nova-manage service list
    nova list
    nova image-list
    nova floating-ip-create
    nova flavor-list
    nova secgroup-list
    nova secgroup-list-rules default

10. Open the remote-connection ports

    nova secgroup-add-rule default tcp 22 22 /0
    nova secgroup-add-rule default icmp -1 -1 /0

VII. Dashboard configuration

1. Install the dashboard

    apt-get install openstack-dashboard

2. Restart Apache

    service apache2 restart

VIII. Image creation

Simply download the official prebuilt Ubuntu image:

    wget http://cloud-/precise/current/precise-server-cloudimg-amd64-disk1.img

Upload the image:

    glance add name="Ubuntu12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < /root/precise-server-cloudimg-amd64-disk1.img

Appendix 1: Configuration files

keystone_data.sh

    #!/bin/bash
    # Initial data for Keystone using python-keystoneclient
    #
    # Tenant               User      Roles
    # ------------------------------------------------------------------
    # admin                admin     admin
    # service              glance    admin
    # service              nova      admin, ResellerAdmin (swift only)
    # service              quantum   admin        # if enabled
    # service              swift     admin        # if enabled
    # demo                 admin     admin
    # demo                 demo      Member, anotherrole
    # invisible_to_admin   demo      Member
    #
    # Variables set before calling this script:
    # SERVICE_TOKEN - aka admin_token in keystone.conf
    # SERVICE_ENDPOINT - local Keystone admin endpoint
    # SERVICE_TENANT_NAME - name of tenant containing service accounts
    # ENABLED_SERVICES - stack.sh's list of services to start
    # DEVSTACK_DIR - Top-level DevStack directory

    #ADMIN_PASSWORD=${ADMIN_PASSWORD:-chenshake}
    ADMIN_PASSWORD=${ADMIN_PASSWORD:-$OS_PASSWORD}
    #
    SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
    #export SERVICE_TOKEN="chenshake"
    #export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
    SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
    ENABLED_SERVICES="swift"

    # Run the given command and print the value of the "id" row of its output table
    function get_id () {
        echo `"$@" | awk '/ id / { print $4 }'`
    }

    # Tenants
    ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
    SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
    #DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
    #INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)

    # Users
    ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin)
    #DEMO_USER=$(get_id keystone user-create --name=demo \
    #    --pass="$ADMIN_PASSWORD" \
    #    --email=demo)

    # Roles
    ADMIN_ROLE=$(get_id keystone role-create --name=admin)
    KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
    KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
    # ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
    # TODO(sleepsonthefloor): show how this can be used for rbac in the future!
    ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)

    # Add Roles to Users in Tenants
    keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
    #keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
    #keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT

    # TODO(termie): these two might be dubious
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT

    # The Member role is used by Horizon and Swift so we need to keep it:
    MEMBER_ROLE=$(get_id keystone role-create --name=Member)
    #keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
    #keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT

    # Configure service users/roles
    NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=nova)
    keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $ADMIN_ROLE

    GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=glance)
    keystone user-role-add --tenant_id $SERVICE_TENANT --user $GLANCE_USER --role $ADMIN_ROLE

    if [ "$ENABLED_SERVICES" = "swift" ]; then
        SWIFT_USER=$(get_id keystone user-create --name=swift --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=swift)
        keystone user-role-add --tenant_id $SERVICE_TENANT --user $SWIFT_USER --role $ADMIN_ROLE
        # Nova needs ResellerAdmin role to download images when accessing
        # swift through the s3 api. The admin role in swift allows a user
        # to act as an admin for their tenant, but ResellerAdmin is needed
        # for a user to act as any tenant. The name of this role is also
        # configurable in swift-proxy.conf
        RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
        keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $RESELLER_ROLE
    fi

    if [ "$ENABLED_SERVICES" = "quantum" ]; then
        QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=quantum)
        keystone user-role-add --tenant_id $SERVICE_TENANT --user $QUANTUM_USER --role $ADMIN_ROLE
    fi

endpoints.sh configuration file

    #!/bin/sh
    # Author: Martin Gerhard Loschwitz
    # (c) 2012 hastexo Professional Services GmbH
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    # http://www.apache.org/licenses/LICENSE-2.0
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    # On Debian-based systems the full text of the Apache version 2.0
    # license can be found in '/usr/share/common-licenses/Apache-2.0'.

    # MySQL definitions
    MYSQL_USER=keystone
    MYSQL_DATABASE=keystone
    MYSQL_PASSWORD=$MYSQL_PASS
    MYSQL_HOST=$MASTER
    #MYSQL_HOST=localhost

    # Keystone definitions
    KEYSTONE_REGION=RegionOne
    #SERVICE_TOKEN=password
    SERVICE_ENDPOINT="http://localhost:35357/v2.0"

    # other definitions
    #MASTER=localhost

    # Command-line options override the defaults above
    while getopts "u:D:p:m:K:R:E:S:T:vh" opt; do
      case $opt in
        u)
          MYSQL_USER=$OPTARG
          ;;
        D)
          MYSQL_DATABASE=$OPTARG
          ;;
        p)
          MYSQL_PASSWORD=$OPTARG
          ;;
        m)
          MYSQL_HOST=$OPTARG
          ;;
        K)
          MASTER=$OPTARG
          ;;
        R)
          KEYSTONE_REGION=$OPTARG
          ;;
        E)
          export SERVICE_ENDPOINT=$OPTARG
          ;;
        S)
          SWIFT_MASTER=$OPTARG
          ;;
        T)
          export SERVICE_TOKEN=$OPTARG
          ;;
        v)
          set -x
          ;;
        h)
          cat <<EOF
    Usage: $0 -m mysql_hostname -u mysql_username -D mysql_database -p mysql_password
           -K keystone_master -R keystone_region -E keystone_endpoint_url
           -S swift_master -T keystone_token

    Add -v for verbose mode, -h to display this message.
    EOF
          exit 0
          ;;
        \?)
          echo "Unknown option -$OPTARG" >&2
          exit 1
          ;;
        :)
          echo "Option -$OPTARG requires an argument" >&2
          exit 1
          ;;
      esac
    done

    # Refuse to run when a required setting is missing
    if [ -z "$KEYSTONE_REGION" ]; then
      echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
      missing_args="true"
    fi

    if [ -z "$SERVICE_TOKEN" ]; then
      echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
      missing_args="true"
    fi

    if [ -z "$SERVICE_ENDPOINT" ]; then
      echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
      missing_args="true"
    fi

    if [ -z "$MYSQL_PASSWORD" ]; then
      echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
      missing_args="true"
    fi

    if [ -n "$missing_args" ]; then
      exit 1
    fi

    keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
    keystone service-create --name volume --type volume --description 'OpenStack Volume Service'
    keystone service-create --name glance --type image --description 'OpenStack Image Service'
    keystone service-create --name swift --type object-store --description 'OpenStack Storage Service'
    keystone service-create --name keystone --type identity --description 'OpenStack Identity'
    keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'

    # $1 is the service type, $2 the service id
    create_endpoint () {
      case $1 in
        compute)
        keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s' --adminurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s' --internalurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s'
        ;;
        volume)
        keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s' --adminurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s' --internalurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s'
        ;;
        image)
        keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':9292/v1' --adminurl 'http://'"$MASTER"':9292/v1' --internalurl 'http://'"$MASTER"':9292/v1'
        ;;
        obj
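
The steps above write admin_token, the service admin_password values and the database connection URLs into keystone.conf, nova.conf and the Glance and Nova paste files, and set nova.conf to mode 644. The following shell function is an added example, not part of the original manual or of OpenStack: it audits those files for the example secrets used in this manual and for credential files readable by every local user. The function name audit_openstack_conf, its root-prefix argument and the WEAK list are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the config files this manual edits for placeholder
# secrets and world-readable credential files. Not part of the manual.

# Secrets the manual uses as examples (assumed list; extend per site).
WEAK='^(123456|admin|ADMIN|chenshake)$'
FILES='etc/keystone/keystone.conf etc/nova/nova.conf etc/nova/api-paste.ini
etc/glance/glance-api-paste.ini etc/glance/glance-registry-paste.ini
etc/glance/glance-registry.conf'

# $1: root prefix ("" for the live system, or a directory holding a copy).
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_openstack_conf() {
    root=$1
    found=$(
        for f in $FILES; do
            p="$root/$f"
            [ -f "$p" ] || continue
            awk -v f="$f" -v weak="$WEAK" '
                /^[ \t]*#/ { next }            # commented-out defaults
                { sub(/^[ \t]*-*/, "") }       # nova.conf flags start with "--"
                /^(admin_token|admin_password)[ \t]*=/ {
                    key = $0; sub(/[ \t]*=.*/, "", key)
                    val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                    sub(/[ \t#].*/, "", val)   # drop trailing annotation
                    if (val ~ weak) print f ": " key " is a well-known value"
                }
                /^(sql_)?connection[ \t]*=/ && match($0, /:\/\/[^:@]+:[^@]+@/) {
                    # scheme://user:PASSWORD@host/db
                    cred = substr($0, RSTART + 3, RLENGTH - 4)
                    sub(/^[^:]+:/, "", cred)
                    if (cred ~ weak) print f ": database password is a well-known value"
                }' "$p"
            # A file holding credentials should not be readable by "other".
            if grep -Eq '^[[:space:]]*-*(admin_token|admin_password|(sql_)?connection)[[:space:]]*=' "$p" &&
               [ -n "$(find "$p" -perm -004)" ]; then
                echo "$f: world-readable and contains credentials"
            fi
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Call it as `audit_openstack_conf ""` on the controller itself, or pass a directory that holds a copy of /etc to review a configuration backup.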
