OpenStackGrizzly单节点安装过程记录

花了一天的时间安装openstack，到目前为止还差虚拟机创建的问题没有完成。

单节点OpenStack安装, Grizzly, Quantum, Nova, Keystone, Glance, Horizon, Cinder, LinuxBridge, KVM, Ubuntu Server 12.04 (64 bits).

------------------------------------------------------------

---环境：

单台服务器：Ubuntu Server 12.04 (64 bits)

单个网卡：eth0(10.131.252.246)

------------------------------------------------------------

1. 准备Ubuntu

*安装好Ubuntu 12.04 Server 64bits后, 配置网络才能用工具远程：

编辑网卡配置文件:

vi /etc/network/interfaces

---

# The loopback network interface

auto lo

iface lo inet loopback

# The primary network interface

# This is an autoconfigured IPv6 interface

auto eth0

iface eth0 inet static

  address 10.131.252.246

  netmask 255.255.254.0

  broadcast 10.131.253.255

  gateway 10.131.252.1

  dns-nameservers 202.117.80.3

---

重启网络服务：

sudo /etc/init.d/networking restart

*进入sudo模式直到完成本指南:

sudo -s

(注意：必须以上述方式进入root模式，其余进入root模式方法在安装各种软就时会出错！)

*更新apt-get源：

vi /etc/apt/sources.list

---

deb http://mirrors.163.com/ubuntu/ precise main universe restricted multiverse 

deb-src http://mirrors.163.com/ubuntu/ precise main universe restricted multiverse 

deb http://mirrors.163.com/ubuntu/ precise-security universe main multiverse restricted 

deb-src http://mirrors.163.com/ubuntu/ precise-security universe main multiverse restricted 

deb http://mirrors.163.com/ubuntu/ precise-updates universe main multiverse restricted 

deb http://mirrors.163.com/ubuntu/ precise-proposed universe main multiverse restricted 

deb-src http://mirrors.163.com/ubuntu/ precise-proposed universe main multiverse restricted 

deb http://mirrors.163.com/ubuntu/ precise-backports universe main multiverse restricted 

deb-src http://mirrors.163.com/ubuntu/ precise-backports universe main multiverse restricted 

deb-src http://mirrors.163.com/ubuntu/ precise-updates universe main multiverse restricted

---

然后执行：

apt-get update

apt-get upgrade

*添加Grizzly仓库:

apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring

echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list

*升级系统：

apt-get update

apt-get upgrade

apt-get dist-upgrade

--------------------------------------------------------------------------------------

2. 安装MySql和RabbitMQ

*安装MySQL并为root用户设置密码:

apt-get install mysql-server python-mysqldb

（中间会需要输入mysql的密码，自己设定为cloudfdse）

*配置mysql监听所有网络接口请求:

sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

service mysql restart

*安装RabbitMQ:

apt-get install rabbitmq-server

*安装NTP服务:

apt-get install ntp

---------------------------------------------------------------------------------------

3. 配置Keystone

Keystone是Openstack框架中，负责身份验证、服务规则和服务令牌的功能。Keystone类似一个服务总线，或者说是整个Openstack框架的注册表，其他服务通过keystone来注册

其服务的Endpoint,任何服务之间相互的调用，需要经过Keystone的身份验证，来获得目标服务的Endpoint来找到目标服务。

*安装keystone软件包:

apt-get install keystone

*确认keystone在运行:

service keystone status

*为keystone创建MySQL数据库:

mysql -u root -p

CREATE DATABASE keystone;

GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';

quit;

*在/etc/keystone/keystone.conf中设置连接到新创建的数据库:

cOnnection= mysql://keystoneUser:keystonePass@10.131.252.246/keystone

*重启身份认证服务并同步数据库:

service keystone restart

keystone-manage db_sync

*使用git仓库中脚本填充keystone数据库： 脚本文件见keystone_basic.sh和keystone_endpoints_basic.sh文件

（注意：在执行脚本前请按你的网卡配置修改HOST_IP和HOST_IP_EXT）

（注意：如果wget直接执行失败的话可自己建立文件，把内容拷贝进去即可）

wget https://raw.github.com/ist0ne/OpenStack-Grizzly-Install-Guide-CN/master/KeystoneScripts/keystone_basic.sh

wget https://raw.github.com/ist0ne/OpenStack-Grizzly-Install-Guide-CN/master/KeystoneScripts/keystone_endpoints_basic.sh

chmod +x keystone_basic.sh

chmod +x keystone_endpoints_basic.sh

./keystone_basic.sh

./keystone_endpoints_basic.sh

*创建一个简单的凭据文件，这样稍后就不会因为输入过多的环境变量而感到厌烦:

vi creds-admin

#Paste the following:

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=admin_pass

export OS_AUTH_URL="http://10.131.252.246:5000/v2.0/"

# Load it:

source creds-admin

*通过命令行列出Keystone中添加的用户:

keystone user-list

如果keystone整个设置成功，会出现类似如下内容：

+----------------------------------+---------+---------+--------------------+

|                id                |   name  | enabled |       email        |

+----------------------------------+---------+---------+--------------------+

| d9111d46fdf644ea999a9cdeceb3d35c |  admin  |   True  |  admin@domain.com  |

| 90daa46f3b194d4dbcdba9a4c2a055b5 |  cinder |   True  | cinder@domain.com  |

| 7491908e0efd4fecb8333fb925b45c41 |  glance |   True  | glance@domain.com  |

| de6c1c536b2d437dab5904f10c5ba209 |   nova  |   True  |  nova@domain.com   |

| 17685b931b9348319f081351772ee1b2 | quantum |   True  | quantum@domain.com |

+----------------------------------+---------+---------+--------------------+

-----------------------------------------------------------------------------------

4. 设置Glance

OpenStack Image Service (Glance)，是一个虚拟机镜像的存储、查询和检索系统。glance-api 主要是用来接受各种api调用请求，并提供相应的操作。glacne-registry 用来

和MySQL数据库进行交互，存储或者获取镜像的元数据。

*安装Glance:

apt-get install glance

*确保glance服务在运行:

service glance-api status

service glance-registry status

*为Glance创建MySQL数据库:

mysql -u root -p

CREATE DATABASE glance;

GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';

quit;

*按下面更新glance-api-paste.ini:

vi /etc/glance/glance-api-paste.ini:

---

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

delay_auth_decision = true

auth_host = 10.131.252.246

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = glance

admin_password = service_pass

---

*按下面更新glance-registry-paste.ini:

vi /etc/glance/glance-registry-paste.ini

---

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

auth_host = 10.131.252.246

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = glance

admin_password = service_pass

---

*按下面更新glance-api.conf:

vi /etc/glance/glance-api.conf

---

sql_cOnnection= mysql://glanceUser:glancePass@10.10.100.51/glance

[paste_deploy]

flavor = keystone

---

*按下面更新glance-registry.conf:

vi /etc/glance/glance-registry.conf

---

sql_cOnnection= mysql://glanceUser:glancePass@10.10.100.51/glance

[paste_deploy]

flavor = keystone

---

*重启glance-api和glance-registry服务:

service glance-api restart; service glance-registry restart

*同步glance数据库:

glance-manage db_sync

*重启服务使配置生效:

service glance-registry restart; service glance-api restart

*测试Glance, 从网络上传cirros云镜像:

glance image-create --name cirros --is-public true --container-format bare --disk-format qcow2 --location 

https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img

(注意：通过此镜像创建的虚拟机可通过用户名/密码登陆， 用户名：cirros 密码：cubswin:)

*本地创建Ubuntu云镜像:

wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img

glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ./precise-server-cloudimg-amd64-disk1.img

*列出镜像检查是否上传成功:

glance image-list

如果以上步骤执行成功，会出现如下内容：

+--------------------------------------+-----------------------------+-------------+------------------+------+--------+

| ID                                   | Name                        | Disk Format | Container Format | Size | Status |

+--------------------------------------+-----------------------------+-------------+------------------+------+--------+

| 542de40b-6abc-4dfa-990c-2747d493748d | cirros                      | qcow2       | bare             |      | active |

| 07da14ea-712e-4e92-8aec-6a013d957268 | Ubuntu 12.04 cloudimg amd64 | qcow2       | ovf              | 6238 | active |

+--------------------------------------+-----------------------------+-------------+------------------+------+--------+

---------------------------------------------------------------------------

5. 设置Quantum

一般虚拟网络有三种拓扑，一种是NET方式（即虚机里是内网地址，虚机间可以互访，虚机可以访问外面，但外面不可以访问虚机，当然宿主机除外），另一种是Bridge方式，这

是linux内核自带的一种方式（虚机可以访问外面，外面也可以访问虚机），最后一种就是VLAN，通过标签虚拟网络可以分为更多的相互隔离的小子网，一般用openVPN就可以很

容易实现。

quantum究竟是什么呢？上面三种网络拓扑是死的，quantum可以通过编程动态的调整拓扑，还可以动态定义网络QoS，并且基于一种openflow的标准协议，可以独立为一个单独的

模块用在其他地方。

这次尝试安装的为master,它与OVS_SingleNode的不同之处就在于此步骤中，OVS_SingleNode的安装过程中，有一个设置OpenVSwitch的步骤。

open vSwitch又是什么呢？它是一种软件实现的交换机，用于给一台物理机上的虚机提供虚拟网络服务，它的实现原理蛮简单，就是TUN，TUN其实就是linux内核提供的用于两个

进程间交换数据用的。在物理机里的两台虚机实际上就两个进程。

*安装Quantum组件:

apt-get install quantum-server quantum-plugin-linuxbridge quantum-plugin-linuxbridge-agent dnsmasq quantum-dhcp-agent quantum-l3-agent

*创建数据库:

mysql -u root -p

CREATE DATABASE quantum;

GRANT ALL ON quantum.* TO 'quantumUser'@'%' IDENTIFIED BY 'quantumPass';

quit;

*确认Quantum组件在运行:

cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i status; done

（注意：不止一个组件，所以会输出多个组件的运行状态，注意每个都要确认在运行。）

*编辑api-paste.ini：

vi /etc/quantum/api-paste.ini

---

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

auth_host = 10.131.252.246

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = quantum

admin_password = service_pass

---

*编辑OVS配置文件linuxbridge_conf.ini:

vi /etc/quantum/plugins/linuxbridge/linuxbridge_conf.ini

---

# under [DATABASE] section

sql_cOnnection= mysql://quantumUser:quantumPass@10.131.252.246/quantum

# under [LINUX_BRIDGE] section

physical_interface_mappings = physnet1:eth1

# under [VLANS] section

tenant_network_type = vlan

network_vlan_ranges = physnet1:1000:2999

---

*更新/etc/quantum/metadata_agent.ini:

vi /etc/quantum/metadata_agent.ini

---

# The Quantum user information for accessing the Quantum API.

auth_url = http://10.131.252.246:35357/v2.0

auth_region = RegionOne

admin_tenant_name = service

admin_user = quantum

admin_password = service_pass

# IP address used by Nova metadata server

nova_metadata_ip = 10.10.100.51

# TCP Port used by Nova metadata server

nova_metadata_port = 8775

metadata_proxy_shared_secret = helloOpenStack

---

*编辑quantum.conf:

vi /etc/quantum/quantum.conf

---

core_plugin = quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2

[keystone_authtoken]

auth_host = 10.131.252.246

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = quantum

admin_password = service_pass

signing_dir = /var/lib/quantum/keystone-signing

---

*编辑l3_agent.ini:

vi /etc/quantum/l3_agent.ini

---

[DEFAULT]

interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver

use_namespaces = True

external_network_bridge = br-ex

signing_dir = /var/cache/quantum

admin_tenant_name = service

admin_user = quantum

admin_password = service_pass

auth_url = http://10.131.252.246:35357/v2.0

l3_agent_manager = quantum.agent.l3_agent.L3NATAgentWithStateReport

root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf

---

*编辑dhcp_agent.ini:

vi /etc/quantum/dhcp_agent.ini

---

[DEFAULT]

interface_driver = quantum.agent.linux.interface.BridgeInterfaceDriver

dhcp_driver = quantum.agent.linux.dhcp.Dnsmasq

use_namespaces = True

signing_dir = /var/cache/quantum

admin_tenant_name = service

admin_user = quantum

admin_password = service_pass

auth_url = http://10.131.252.246:35357/v2.0

dhcp_agent_manager = quantum.agent.dhcp_agent.DhcpAgentWithStateReport

root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf

state_path = /var/lib/quantum

---

*重启quantum所有服务:

cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done

service dnsmasq restart

(注意: 如果有服务运行在53端口，'dnsmasq'重启失败,可以kill掉那个服务器后再重启'dnsmasq')

---------------------------------------------------------------------------

6. 设置Nova

OpenStack Compute (Nova)，为云组织的控制器，它提供一个工具来部署云，包括运行实例、管理网络以及控制用户等等。nova的各个组件是以数据库和队列为中心进行通信的.

nova-compute负责决定创造虚拟机和撤销虚拟机，通过运行一系列系统命令（例如发起一个KVM实例，）并把这些状态更新到nova-database中去，其过程相当复杂，但是基本原

理很简单。

nova-schedule负责从queue里取得虚拟机请求并决定把虚拟机分配到哪个服务器上去。schedule的算法可以自己定义，目前有Simple （最少加载主机）,chancd(随机主机分配) 

，zone(可用区域内的随机节点)等算法。

nova-volume负责记录每一个计算实例，相当于一个计算请求吧，并负责创建，分配或撤销持久层容器(Amazon的，iSCSI，AoE等等)给这些compute instances。

nova -netwok负责处理队列里的网络任务。

nova-api守护进程是OpenStack Compute的中心。它为所有API查询提供一个入口， 并且同时支持OpenStack API 和 Amazon EC2 API。

*安装nova组件:

apt-get install nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm

（注意：如果你的宿主机不支持kvm虚拟化，可把nova-compute-kvm换成nova-compute-qemu

同时/etc/nova/nova-compute.conf配置文件中的libvirt_type=qemu）

*检查nova服务是否正常启动:

cd /etc/init.d/; for i in $( ls nova-* ); do service $i status; cd; done

*为Nova创建Mysql数据库:

mysql -u root -p

CREATE DATABASE nova;

GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';

quit;

*在api-paste.ini配置文件中修改认证信息:

vi /etc/nova/api-paste.ini

---

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

auth_host = 10.131.252.246

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = nova

admin_password = service_pass

signing_dirname = /tmp/keystone-signing-nova

# Workaround for https://bugs.launchpad.net/nova/+bug/1154809

auth_version = v2.0

---

*如下修改nova.conf:

vi /etc/nova/nova.conf

---

[DEFAULT]

logdir=/var/log/nova

state_path=/var/lib/nova

lock_path=/run/lock/nova

verbose=True

api_paste_cOnfig=/etc/nova/api-paste.ini

compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler

rabbit_host=10.131.252.246

nova_url=http://10.131.252.246:8774/v1.1/

sql_cOnnection=mysql://novaUser:novaPass@10.131.252.246/nova

root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf

# Auth

use_deprecated_auth=false

auth_strategy=keystone

# Imaging service

glance_api_servers=10.131.252.246:9292

image_service=nova.image.glance.GlanceImageService

# Vnc configuration

novnc_enabled=true

novncproxy_base_url=http://10.131.252.246:6080/vnc_auto.html

novncproxy_port=6080

vncserver_proxyclient_address=10.131.252.246

vncserver_listen=0.0.0.0

# Metadata

service_quantum_metadata_proxy = True

quantum_metadata_proxy_shared_secret = helloOpenStack

# Network settings

network_api_class=nova.network.quantumv2.api.API

quantum_url=http://10.131.252.246:9696

quantum_auth_strategy=keystone

quantum_admin_tenant_name=service

quantum_admin_username=quantum

quantum_admin_password=service_pass

quantum_admin_auth_url=http://10.131.252.246:35357/v2.0

libvirt_vif_driver=nova.virt.libvirt.vif.QuantumLinuxBridgeVIFDriver

linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver

firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver

# Compute #

compute_driver=libvirt.LibvirtDriver

# Cinder #

volume_api_class=nova.volume.cinder.API

osapi_volume_listen_port=5900

---

*修改nova-compute.conf:

vi /etc/nova/nova-compute.conf

---

[DEFAULT]

libvirt_type=kvm

compute_driver=libvirt.LibvirtDriver

libvirt_vif_type=ethernet

libvirt_vif_driver=nova.virt.libvirt.vif.QuantumLinuxBridgeVIFDriver

---

*同步数据库:

nova-manage db sync

*重启所有nova服务:

cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done

*检查所有nova服务是否启动正常:

nova-manage service list

如果以上步骤执行成功，显示如下内容：

---

Binary           Host                                 Zone             Status     State Updated_At

nova-cert        cloudA                               internal         enabled    :-)   2013-08-06 11:10:34

nova-conductor   cloudA                               internal         enabled    :-)   2013-08-06 11:10:34

nova-consoleauth cloudA                               internal         enabled    :-)   2013-08-06 11:10:34

nova-scheduler   cloudA                               internal         enabled    :-)   2013-08-06 11:10:34

nova-compute     cloudA                               nova             enabled    :-)   2013-08-06 11:10:26

---

------------------------------------------------------------------------

7. 设置Horizon

*如下安装horizon

apt-get install openstack-dashboard memcached

*如果你不喜欢OpenStack ubuntu主题, 你可以停用它:

dpkg --purge openstack-dashboard-ubuntu-theme

*重启Apache和memcached服务:

service apache2 restart; service memcached restart

---------------------------------------------------------------------------

至此，基本openstack基本安装成功，可在浏览器中打开10.131.252.246/horizon，会进入到openstack的登录界面，使用admin:admin_pass登录即可。