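I spent a day installing OpenStack; so far the only thing still unfinished is the problem with creating virtual machines.
Single-node OpenStack installation: Grizzly, Quantum, Nova, Keystone, Glance, Horizon, Cinder, LinuxBridge, KVM, Ubuntu Server 12.04 (64 bits).
------------------------------------------------------------
---Environment:
Single server: Ubuntu Server 12.04 (64 bits)
Single NIC: eth0 (10.131.252.246)
------------------------------------------------------------
1. Prepare Ubuntu
*After installing Ubuntu 12.04 Server 64 bits, configure the network first so that remote tools can be used:
Edit the network interface configuration file: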
vi /etc/network/interfaces
---
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
# This is an autoconfigured IPv6 interface
auto eth0
iface eth0 inet static
---
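Restart the networking service:
sudo /etc/init.d/networking restart
*Enter sudo mode and stay in it until this guide is finished:
sudo -s
(Note: you must enter root mode this way; other ways of entering root mode cause errors when installing the various packages!)
*Update the apt-get sources:
vi /etc/apt/sources.list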
---
deb http://mirrors.163.com/ubuntu/ precise main universe restricted multiverse
deb-src http://mirrors.163.com/ubuntu/ precise main universe restricted multiverse
deb http://mirrors.163.com/ubuntu/ precise-security universe main multiverse restricted
deb-src http://mirrors.163.com/ubuntu/ precise-security universe main multiverse restricted
deb http://mirrors.163.com/ubuntu/ precise-updates universe main multiverse restricted
deb http://mirrors.163.com/ubuntu/ precise-proposed universe main multiverse restricted
deb-src http://mirrors.163.com/ubuntu/ precise-proposed universe main multiverse restricted
deb http://mirrors.163.com/ubuntu/ precise-backports universe main multiverse restricted
deb-src http://mirrors.163.com/ubuntu/ precise-backports universe main multiverse restricted
deb-src http://mirrors.163.com/ubuntu/ precise-updates universe main multiverse restricted
---
Then run:
apt-get update
apt-get upgrade
*Add the Grizzly repository:
apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
*Upgrade the system:
apt-get update
apt-get upgrade
apt-get dist-upgrade
--------------------------------------------------------------------------------------
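2. Install MySQL and RabbitMQ
*Install MySQL and set a password for the root user:
apt-get install mysql-server python-mysqldb
(You will be asked for the MySQL password along the way; it is set to cloudfdse here)
*Configure MySQL to listen for requests on all network interfaces:
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart
*Install RabbitMQ:
apt-get install rabbitmq-server
*Install the NTP service: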
apt-get install ntp
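The sed command in this section rewrites every 127.0.0.1 in my.cnf and leaves MySQL listening on all interfaces. The following added example (not part of the original guide) changes only the bind-address key and reports what the setting exposes; binding to the node address 10.131.252.246 instead of 0.0.0.0 is an assumption that fits this single-node layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. bind_scope and
# set_bind_address are hypothetical helper names.

# bind_scope FILE -> loopback | all-interfaces | address:<ip> | unset
# ("unset" means MySQL falls back to its built-in default.)
bind_scope() {
    addr=$(sed -nE 's/^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*([^[:space:]#]+).*$/\1/p' "$1" | tail -n 1)
    case "$addr" in
        "")                  echo unset ;;
        127.*|localhost|::1) echo loopback ;;
        0.0.0.0|::|\*)       echo all-interfaces ;;
        *)                   echo "address:$addr" ;;
    esac
}

# set_bind_address FILE ADDR -> rewrite the bind-address line only; other
# 127.0.0.1 entries (for example a [client] host) stay as they are.
set_bind_address() {
    sed -E "s/^([[:space:]]*bind-address[[:space:]]*=[[:space:]]*).*$/\1$2/" "$1" > "$1.new" &&
        cat "$1.new" > "$1" && rm -f "$1.new"
}

# Constructed sample my.cnf fragment.
sample_my_cnf() {
    printf '%s\n' '[client]' 'host = 127.0.0.1' '[mysqld]' 'bind-address = 127.0.0.1'
}

demo=$(mktemp)
sample_my_cnf > "$demo"
echo "before: $(bind_scope "$demo")"
set_bind_address "$demo" 10.131.252.246    # node address from this guide
echo "after:  $(bind_scope "$demo")"
rm -f "$demo"
```

On the real host the file is /etc/mysql/my.cnf, followed by `service mysql restart` as in the step above.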
---------------------------------------------------------------------------------------
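3. Configure Keystone
Keystone is the part of the OpenStack framework responsible for identity verification, service rules and service tokens. It works like a service bus, or a registry for the whole OpenStack framework: other services register their endpoints through Keystone, and any call between services has to pass Keystone authentication to obtain the target service's endpoint and locate the target service.
*Install the keystone package:
apt-get install keystone
*Confirm that keystone is running:
service keystone status
*Create a MySQL database for keystone: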
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
quit;
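*In /etc/keystone/keystone.conf, set the connection to the newly created database:
connection = mysql://keystoneUser:keystonePass@10.131.252.246/keystone
*Restart the identity service and sync the database:
service keystone restart
keystone-manage db_sync
*Populate the keystone database using the scripts from the git repository: see the files keystone_basic.sh and keystone_endpoints_basic.sh
(Note: before running the scripts, change HOST_IP and HOST_IP_EXT to match your network interface configuration)
(Note: if running wget directly fails, you can create the files yourself and copy the contents in)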
wget https://raw.github.com/ist0ne/OpenStack-Grizzly-Install-Guide-CN/master/KeystoneScripts/keystone_basic.sh
wget https://raw.github.com/ist0ne/OpenStack-Grizzly-Install-Guide-CN/master/KeystoneScripts/keystone_endpoints_basic.sh
chmod +x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
./keystone_basic.sh
./keystone_endpoints_basic.sh
*Create a simple credentials file so that you do not get tired of typing too many environment variables later:
vi creds-admin
#Paste the following:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://10.131.252.246:5000/v2.0/"
# Load it:
source creds-admin
*List the users added to Keystone from the command line:
keystone user-list
If the whole keystone setup succeeded, output similar to the following appears:
+----------------------------------+---------+---------+--------------------+
|
+----------------------------------+---------+---------+--------------------+
| d9111d46fdf644ea999a9cde
| 90daa46f3b194d4dbcdba9a4
| 7491908e0efd4fecb8333fb9
| de6c1c536b2d437dab5904f1
| 17685b931b9348319f081351
+----------------------------------+---------+---------+--------------------+
-----------------------------------------------------------------------------------
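4. Set up Glance
OpenStack Image Service (Glance) is a system for storing, querying and retrieving virtual machine images. glance-api mainly accepts the various API requests and performs the corresponding operations. glance-registry interacts with the MySQL database to store or fetch image metadata.
*Install Glance:
apt-get install glance
*Make sure the glance services are running:
service glance-api status
service glance-registry status
*Create a MySQL database for Glance: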
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
quit;
*Update glance-api-paste.ini as follows:
vi /etc/glance/glance-api-paste.ini
---
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = 10.131.252.246
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
---
*Update glance-registry-paste.ini as follows:
vi /etc/glance/glance-registry-paste.ini
---
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.131.252.246
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
---
*Update glance-api.conf as follows:
vi /etc/glance/glance-api.conf
---
sql_connection = mysql://glanceUser:glancePass@10.10.100.51/glance
[paste_deploy]
flavor = keystone
---
*Update glance-registry.conf as follows:
vi /etc/glance/glance-registry.conf
---
sql_connection = mysql://glanceUser:glancePass@10.10.100.51/glance
[paste_deploy]
flavor = keystone
---
*Restart the glance-api and glance-registry services:
service glance-api restart; service glance-registry restart
*Sync the glance database:
glance-manage db_sync
*Restart the services so the configuration takes effect:
service glance-registry restart; service glance-api restart
*Test Glance by uploading the cirros cloud image from the network:
glance image-create --name cirros --is-public true \
  --container-format bare --disk-format qcow2 \
  --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
(Note: virtual machines created from this image can be logged into with a username and password. Username: cirros, password: cubswin:) )
*Create the Ubuntu cloud image locally:
wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ./precise-server-cloudimg-amd64-disk1.img
*List the images to check that the upload succeeded:
glance image-list
If the steps above succeeded, the following appears:
+--------------------------------------+-----------------------------+-------------+------------------+------+--------+
| ID
+--------------------------------------+-----------------------------+-------------+------------------+------+--------+
| 542de40b-6abc-4dfa-990c-2747d493748d | cirros
| 07da14ea-712e-4e92-8aec-6a013d957268 | Ubuntu 12.04 cloudimg
amd64 | qcow2
+--------------------------------------+-----------------------------+-------------+------------------+------+--------+
---------------------------------------------------------------------------
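5. Set up Quantum
Virtual networks generally come in three topologies. One is NAT mode (the VM has an internal address; VMs can reach each other and can reach the outside, but the outside cannot reach the VMs, the host excepted). Another is Bridge mode, which is built into the Linux kernel (VMs can reach the outside, and the outside can reach the VMs). The last is VLAN: with tags, a virtual network can be split into many more small subnets isolated from each other, which can generally be implemented quite easily with openVPN.
So what exactly is Quantum? The three topologies above are static; Quantum can adjust the topology dynamically through programming, can also define network QoS dynamically, is based on the OpenFlow standard protocol, and can be used elsewhere as a standalone module.
The variant installed in this attempt is master. This step is where it differs from OVS_SingleNode, whose installation includes a step for setting up OpenVSwitch.
And what is Open vSwitch? It is a switch implemented in software that provides virtual network service to the VMs on one physical machine. Its principle is fairly simple: TUN, which is what the Linux kernel provides for two processes to exchange data. Two VMs on one physical machine are in fact just two processes.
*Install the Quantum components: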
apt-get install quantum-server quantum-plugin-linuxbridge quantum-plugin-linuxbridge-agent dnsmasq quantum-dhcp-agent quantum-l3-agent
*Create the database:
mysql -u root -p
CREATE DATABASE quantum;
GRANT ALL ON quantum.* TO 'quantumUser'@'%' IDENTIFIED BY 'quantumPass';
quit;
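*Confirm that the Quantum components are running:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i status; done
(Note: there is more than one component, so the status of several components is printed; confirm that each one is running.)
*Edit api-paste.ini:
vi /etc/quantum/api-paste.ini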
---
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.131.252.246
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
---
*Edit the LinuxBridge plugin configuration file linuxbridge_conf.ini:
vi /etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini
---
# under [DATABASE] section
sql_connection = mysql://quantumUser:quantumPass@10.131.252.246/quantum
# under [LINUX_BRIDGE] section
physical_interface_mappings = physnet1:eth1
# under [VLANS] section
tenant_network_type = vlan
network_vlan_ranges = physnet1:1000:2999
---
*Update /etc/quantum/metadata_agent.ini:
vi /etc/quantum/metadata_agent.ini
---
# The Quantum user information for accessing the Quantum API.
auth_url = http://10.131.252.246:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
# IP address used by Nova metadata server
nova_metadata_ip = 10.10.100.51
# TCP Port used by Nova metadata server
nova_metadata_port = 8775
metadata_proxy_shared_secret = helloOpenStack
---
*Edit quantum.conf:
vi /etc/quantum/quantum.conf
---
core_plugin = quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2
[keystone_authtoken]
auth_host = 10.131.252.246
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
---
*Edit l3_agent.ini:
vi /etc/quantum/l3_agent.ini
---
[DEFAULT]
interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
signing_dir = /var/cache/quantum
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
auth_url = http://10.131.252.246:35357/v2.0
l3_agent_manager = quantum.agent.l3_agent.L3NATAgentWithStateRepor
root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
---
*Edit dhcp_agent.ini:
vi /etc/quantum/dhcp_agent.ini
---
[DEFAULT]
interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq
use_namespaces = True
signing_dir = /var/cache/quantum
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
auth_url = http://10.131.252.246:35357/v2.0
dhcp_agent_manager = quantum.agent.dhcp_agent.DhcpAgentWithStateReport
root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
state_path = /var/lib/quantum
---
*Restart all quantum services:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
service dnsmasq restart
(Note: if some service is running on port 53, restarting 'dnsmasq' fails; you can kill that service and then restart 'dnsmasq')
---------------------------------------------------------------------------
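6. Set up Nova
OpenStack Compute (Nova) is the controller of the cloud fabric. It provides the tools to deploy a cloud, including running instances, managing networks and controlling users. Nova's components communicate with the database and the queue at the center.
nova-compute is responsible for creating and terminating virtual machines. It runs a series of system commands (for example, launching a KVM instance) and updates the resulting state in the nova database. The process is quite complex, but the basic principle is simple.
nova-scheduler takes virtual machine requests from the queue and decides which server each virtual machine is assigned to. The scheduling algorithm can be user-defined; currently there are algorithms such as Simple (least-loaded host), chance (random host allocation) and zone (a random node within an availability zone).
nova-volume keeps track of each compute instance (roughly, each compute request) and is responsible for creating, attaching or detaching persistent volumes (Amazon's, iSCSI, AoE and so on) for these compute instances.
nova-network handles the networking tasks in the queue.
The nova-api daemon is the heart of OpenStack Compute. It provides an entry point for all API queries and supports both the OpenStack API and the Amazon EC2 API.
*Install the nova components: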
apt-get install nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm
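(Note: if your host does not support KVM virtualization, replace nova-compute-kvm with nova-compute-qemu and set libvirt_type=qemu in the /etc/nova/nova-compute.conf configuration file)
*Check that the nova services started normally: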
cd /etc/init.d/; for i in $( ls nova-* ); do service $i status; cd; done
*Create a MySQL database for Nova:
mysql -u root -p
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
quit;
*Modify the authentication settings in the api-paste.ini configuration file:
vi /etc/nova/api-paste.ini
---
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 10.131.252.246
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
---
*Modify nova.conf as follows:
vi /etc/nova/nova.conf
---
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=10.131.252.246
nova_url=http://10.131.252.246:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@10.131.252.246/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
# Auth
use_deprecated_auth=false
auth_strategy=keystone
# Imaging service
glance_api_servers=10.131.252.246:9292
image_service=nova.image.glance.GlanceImageService
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://10.131.252.246:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=10.131.252.246
vncserver_listen=0.0.0.0
# Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack
# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.131.252.246:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://10.131.252.246:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.QuantumLinuxBridgeVIFDri
linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriv
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
---
*Modify nova-compute.conf:
vi /etc/nova/nova-compute.conf
---
[DEFAULT]
libvirt_type=kvm
compute_driver=libvirt.LibvirtDriver
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.QuantumLinuxBridgeVIFDri
---
*Sync the database:
nova-manage db sync
*Restart all nova services:
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
*Check that all nova services started normally:
nova-manage service list
If the steps above succeeded, the following is shown:
---
Binary
nova-cert
nova-conductor
nova-consoleauth cloudA
nova-scheduler
nova-compute
---
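The configuration files in sections 3 to 6 repeat the same few values: the node address, the sample passwords and shared secret, and plain-HTTP Keystone endpoints. The following added example (not part of the original guide or of OpenStack) flags lines where an address is not the node's own, where a sample credential from this page is still used, where Keystone is reached over HTTP, or where a signing directory sits in /tmp; `audit_conf` is a hypothetical name and the sample input is constructed to mirror lines shown above.

```shell
#!/bin/sh
# Added example, not part of the original guide. audit_conf is a hypothetical
# helper; the address and sample credentials it checks are from this page.

# audit_conf FILE NODE_IP
# Prints one finding per line as FILE:LINE: text; exit status 1 if any.
audit_conf() {
    awk -v ip="$2" -v f="$1" '
    function report(msg) { printf "%s:%d: %s\n", f, NR, msg; n++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    {   # each IPv4 literal must be this node, 0.0.0.0 or loopback
        rest = $0
        while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            a = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            if (a != ip && a != "0.0.0.0" && a !~ /^127\./)
                report("address " a " is not this node (" ip ")")
        }
    }
    # a sample secret used as a value (after "=" or as user:pass@)
    ($0 " ") ~ /(=[ \t]*|:)(admin_pass|service_pass|helloOpenStack|(keystone|glance|quantum|nova)Pass)[^A-Za-z0-9_]/ {
        report("sample credential from the guide still in place")
    }
    /^[ \t]*auth_protocol[ \t]*=[ \t]*http[ \t]*$/ ||
    /^[ \t]*[a-z_]*auth_url[ \t]*=[ \t]*http:/ {
        report("Keystone traffic for this service is plain HTTP")
    }
    /^[ \t]*signing_dir(name)?[ \t]*=[ \t]*\/tmp\// {
        report("token signing directory is under world-writable /tmp")
    }
    END { exit (n > 0) }
    ' "$1"
}

# Constructed sample in the shape of the config files above.
sample_conf() {
    cat <<'EOF'
sql_connection = mysql://glanceUser:glancePass@10.10.100.51/glance
auth_host = 10.131.252.246
auth_protocol = http
admin_password = service_pass
vncserver_listen=0.0.0.0
signing_dirname = /tmp/keystone-signing-nova
EOF
}

demo=$(mktemp); sample_conf > "$demo"
audit_conf "$demo" 10.131.252.246 || echo "findings listed above"
rm -f "$demo"
```

On the node itself, run it over the files edited in this guide, for example `for f in /etc/glance/*.conf /etc/quantum/*.ini /etc/nova/*.conf; do audit_conf "$f" 10.131.252.246; done`.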
------------------------------------------------------------------------
7. Set up Horizon
*Install horizon as follows:
apt-get install openstack-dashboard memcached
*If you do not like the OpenStack Ubuntu theme, you can disable it:
dpkg --purge openstack-dashboard-ubuntu-theme
*Restart the Apache and memcached services:
service apache2 restart; service memcached restart
---------------------------------------------------------------------------
At this point the basic OpenStack installation is essentially complete. Open 10.131.252.246/horizon in a browser to reach the OpenStack login page, and log in with admin:admin_pass.