OpenStack controller node:
Master | Hostname | Disk | Memory | CPU | IP | Notes |
Controller | controller | 1T | 320G | 16 | 192.168.5.55 | |
OpenStack compute nodes:
node | Hostname | Disk | Memory | CPU | IP | Notes |
Compute1 | compute1 | 1T | 320G | 16 | 192.168.5.56 | |
Compute2 | compute2 | 1T | 320G | 16 | 192.168.5.57 | |
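Deployment architecture
This OpenStack Havana (H release) deployment follows the deployment architecture on the official website: one controller node and multiple compute nodes. Each compute node manages and allocates its own network resources, forming its own network control center. The overall architecture is as follows:
Figure: OpenStack Havana deployment architecture
OpenStack Havana implementation steps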
1.1 Environment requirements
OpenStack Havana + Ubuntu 12.04 (LTS) + KVM
Host IP configuration:
controller (controller node):
  controller:
    eth2: 192.168.1.55 (must have Internet access)
    eth3: 192.168.2.55 (the current test environment uses the 2 subnet; adjust for production as needed)
node (compute nodes):
  compute1:
    eth2: 192.168.1.56
  compute2:
    eth2: 192.168.1.57
Hostname configuration:
controller (controller node):
  controller:
    /etc/hosts:
      192.168.1.55 controller
      192.168.1.56 compute1
    /etc/hostname:
      controller
node (compute nodes):
  compute1:
    /etc/hosts:
      192.168.1.55 controller
      192.168.1.56 compute1
    /etc/hostname:
      compute1
  compute2:
    /etc/hosts:
      192.168.1.55 controller
      192.168.1.57 compute2
    /etc/hostname:
      compute2
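1.1 Pre-installation preparation
Before installing OpenStack Havana, some base software and setup must be in place on the controller node and the compute nodes, in preparation for installing the Havana components.
On the controller node, install ntp, mysql (server), the Cloud Archive and rabbitmq-server:
1. apt-get install ntp
After installation, add the following to the /etc/cron.daily/ntpdate file:
ntpdate controller
hwclock -w
Make it executable:
# chmod a+x /etc/cron.daily/ntpdate
2. apt-get install python-mysqldb mysql-server
After installation, change the bind-address parameter in /etc/mysql/my.cnf as follows (0.0.0.0 makes MySQL listen on all interfaces, so that the compute nodes can connect):
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 0.0.0.0
Once the database is installed and configured, if you want to clean up the database when it is first started, run the following command:
# mysql_secure_installation
3. apt-get install python-software-properties
Add the Cloud Archive repository for Havana:
add-apt-repository cloud-archive:havana
Update and upgrade the system:
apt-get update && apt-get dist-upgrade
Reboot the operating system when this completes.
4. apt-get install rabbitmq-server
Change the password:
# rabbitmqctl change_password guest NEW_PASS
On the compute nodes, install ntp, mysql (client) and the Cloud Archive:
1. apt-get install ntp
After installation, add the following to the /etc/cron.daily/ntpdate file:
ntpdate controller
hwclock -w
Make it executable:
# chmod a+x /etc/cron.daily/ntpdate
2. apt-get install python-mysqldb mysql-client
The compute nodes do not need the MySQL server installed and do not need to run the mysql service; they only need to be able to connect to the MySQL database on the controller node.
3. apt-get install python-software-properties
Add the Cloud Archive repository for Havana:
add-apt-repository cloud-archive:havana
Update and upgrade the system:
apt-get update && apt-get dist-upgrade
Reboot the operating system when this completes.
Once all of the preparation above is done, you can start installing the Havana components.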
1.1 Installing and configuring keystone
Keystone (OpenStack Identity Service) is the part of the OpenStack framework responsible for authentication, service rules and service tokens; it implements OpenStack's Identity API. Keystone acts like a service bus, or the registry of the whole OpenStack framework: other services register their endpoints (the URLs through which they are reached) with Keystone, and any call between services must first be authenticated by Keystone in order to obtain the target service's endpoint and locate the target service.
1. apt-get install keystone
Edit the /etc/keystone/keystone.conf file and change the database connection:
[sql]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
2. Create the database:
# mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
3. Initialize the database:
# keystone-manage db_sync
# service keystone restart
4. Create the authentication token:
# openssl rand -hex 10
Record the string this command prints and write it into the
/etc/keystone/keystone.conf file as the value of admin_token:
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
5. Restart the keystone identity service
# service keystone restart
6. To define users, tenants and roles, first set the following environment variables:
# export OS_SERVICE_TOKEN=FCAF3E...    (the string recorded above)
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
7. Create the tenants
# keystone tenant-create --name=admin --description="Admin Tenant"
# keystone tenant-create --name=service --description="Service Tenant"
8. Create the user
# keystone user-create --name=admin --pass=ADMIN_PASS \
  --email=admin@example.com
9. Create the role
# keystone role-create --name=admin
10. Link the user, tenant and role
# keystone user-role-add --user=admin --tenant=admin --role=admin
11. Create the service entity
# keystone service-create --name=keystone --type=identity \
  --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | 15c11a23667e427e91bc31335b45f4bd |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
12. Create the endpoint
# keystone endpoint-create \
  --service-id=the_service_id_above \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0
+-------------+-----------------------------------+
| Property    | Value                             |
+-------------+-----------------------------------+
| adminurl    | http://controller:35357/v2.0      |
| id          | 11f9c625a3b94a3f8e66bf4e5de2679f  |
| internalurl | http://controller:5000/v2.0       |
| publicurl   | http://controller:5000/v2.0       |
| region      | regionOne                         |
| service_id  | 15c11a23667e427e91bc31335b45f4bd  |
+-------------+-----------------------------------+
13. Verify the keystone installation
# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# keystone --os-username=admin --os-password=ADMIN_PASS \
  --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
14. Create the keystone environment file keystonerc; remember to include the two environment variables added earlier as well:
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
export OS_SERVICE_TOKEN=FCAF3E...    (the string recorded above)
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
15. Run source keystonerc and echo "source keystonerc" >> .bashrc to load the environment variables and make them persistent
16. Verify that the environment variables are set correctly
# keystone token-get
17. Finally, verify that the keystone user, tenant and role were added successfully
# keystone user-list
+----------------------------------+---------+--------------------+--------+
| id                               | enabled | email              | name   |
+----------------------------------+---------+--------------------+--------+
| a4c2d43f80a549a19864c89d759bb3fe | True    | admin@example.com  | admin  |
+----------------------------------+---------+--------------------+--------+
1.1 Installing and configuring glance
The Glance project provides discovery, registration and retrieval services for virtual machine images.
Glance provides a RESTful API for querying virtual machine image metadata and for retrieving the images themselves.
Through Glance, virtual machine images can be stored on a variety of back ends, such as simple file storage or object storage (for example OpenStack's Swift project).
1. apt-get install glance
2. Edit the two files /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf and change the database connection:
[DEFAULT]
...
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = mysql://glance:GLANCE_DBPASS@localhost/glance
3. The default sqlite database file is in the /var/lib/glance directory; you can delete glance.sqlite to avoid database connection errors
4. Create the glance database
# mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
5. Initialize the database
# glance-manage db_sync
6. Create the authentication user and add its role
# keystone user-create --name=glance --pass=GLANCE_PASS \
  --email=glance@example.com
# keystone user-role-add --user=glance --tenant=service --role=admin
7. Add the authentication configuration
Edit /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf
and change the [keystone_authtoken] section to the following:
[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS
8. Edit /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini and add the authentication configuration:
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS
9. Create the image service
# keystone service-create --name=glance --type=image \
  --description="Glance Image Service"
10. Create the endpoint
# keystone endpoint-create \
  --service-id=the_service_id_above \
  --publicurl=http://controller:9292 \
  --internalurl=http://controller:9292 \
  --adminurl=http://controller:9292
11. Restart the glance services
# service glance-registry restart
# service glance-api restart
12. Verify the glance installation
To verify the glance installation, use the lightweight CirrOS system as the boot image. The steps are as follows:
# mkdir images
# cd images/
# curl -O http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
13. Create the image and upload it
# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 \
  --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | d972013792949d0d3ba628fbe8685bce     |
| container_format | bare                                 |
| created_at       | 2013-10-08T18:59:18                  |
| deleted          | False                                |
| deleted_at       | None                                 |
| disk_format      | qcow2                                |
| id               | acafc7c0-40aa-4026-9673-b879898e1fc2 |
| is_public        | True                                 |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | CirrOS 0.3.1                         |
| owner            | efa984b0a914450e9a47788ad330699d     |
| protected        | False                                |
| size             | 13147648                             |
| status           | active                               |
| updated_at       | 2013-05-08T18:59:18                  |
+------------------+--------------------------------------+
14. Verify that the image was uploaded successfully
# glance image-list
+--------------------------------------+-----------------+-------------+------------------+----------+--------+
| ID                                   | Name            | Disk Format | Container Format | Size     | Status |
+--------------------------------------+-----------------+-------------+------------------+----------+--------+
| acafc7c0-40aa-4026-9673-b879898e1fc2 | CirrOS 0.3.1    | qcow2       | bare             | 13147648 | active |
+--------------------------------------+-----------------+-------------+------------------+----------+--------+
1.2 Installing and configuring nova
In this installation the controller node does not run the nova-compute and nova-network services; these two services are deployed separately on the compute nodes, and the controller node is used for control only. The installation steps are as follows:
1. apt-get install nova-novncproxy novnc nova-api \
   nova-ajax-console-proxy nova-cert nova-conductor \
   nova-consoleauth nova-doc nova-scheduler python-novaclient
2. Edit the /etc/nova/nova.conf file and change the database connection:
...
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://nova:NOVA_DBPASS@controller/nova
3. Create the nova database
# mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
4. Initialize the database
# nova-manage db sync
5. Add the VNC addresses by editing /etc/nova/nova.conf
...
[DEFAULT]
...
my_ip=192.168.0.10
vncserver_listen=192.168.0.10
vncserver_proxyclient_address=192.168.0.10
6. Create the nova user
# keystone user-create --name=nova --pass=NOVA_PASS --email=nova@example.com
# keystone user-role-add --user=nova --tenant=service --role=admin
7. Set the nova authentication strategy by editing the /etc/nova/nova.conf file:
...
[DEFAULT]
...
auth_strategy=keystone
8. Configure authentication for nova-api by editing the file /etc/nova/api-paste.ini:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = anxiang
9. Create the nova service
# keystone service-create --name=nova --type=compute \
  --description="Nova Compute Service"
10. Create the endpoint
# keystone endpoint-create \
  --service-id=the_service_id_above \
  --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl=http://controller:8774/v2/%\(tenant_id\)s
11. Edit the /etc/nova/nova.conf file and add the message broker configuration:
rpc_backend = nova.rpc.impl_kombu
rabbit_host = controller
12. Restart the nova services
# service nova-api restart
# service nova-cert restart
# service nova-consoleauth restart
# service nova-scheduler restart
# service nova-conductor restart
# service nova-novncproxy restart
13. Verify that the nova services are installed and running
# nova image-list
+--------------------------------------+-----------------+--------+--------+
| ID                                   | Name            | Status | Server |
+--------------------------------------+-----------------+--------+--------+
| acafc7c0-40aa-4026-9673-b879898e1fc2 | CirrOS 0.3.1    | ACTIVE |        |
+--------------------------------------+-----------------+--------+--------+
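The keystone.conf, [keystone_authtoken] and [filter:authtoken] snippets above use placeholder secrets (ADMIN_TOKEN, KEYSTONE_DBPASS, GLANCE_PASS, NOVA_DBPASS) and auth_protocol = http. As an added example (not part of the original guide), the shell functions below audit such files for placeholders left in place, cleartext authentication to keystone and world-readable permissions. The function names, finding labels and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example; the sample files below are constructed, not real /etc files.

# audit_conf FILE: print "section key issue" for each risky setting found.
audit_conf() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        /^\[.*\]/ { sect = $0; next }             # remember the current section
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Guide placeholders (ADMIN_TOKEN, GLANCE_PASS, NOVA_DBPASS, ...) left in place
            if (val ~ /^[A-Z]+_(DBPASS|PASS|TOKEN)$/ ||
                val ~ /:[A-Z]+_(DBPASS|PASS|TOKEN)@/)
                print sect, key, "placeholder-secret"
            # Service credentials and tokens travel to keystone unencrypted
            if (key == "auth_protocol" && val == "http")
                print sect, key, "cleartext-auth"
        }' "$1"
}

# world_readable FILE: succeed if the "other" read bit is set on FILE.
world_readable() { [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; }

demo_dir=$(mktemp -d)
cat > "$demo_dir/keystone.conf" <<'EOF'
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
[sql]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
EOF
cat > "$demo_dir/api-paste.ini" <<'EOF'
[filter:authtoken]
auth_host = controller
auth_protocol = http
admin_user = nova
admin_password = s3cr3t-constructed
EOF
chmod 644 "$demo_dir/keystone.conf"; chmod 640 "$demo_dir/api-paste.ini"

for f in "$demo_dir"/*; do
    audit_conf "$f" | sed "s|^|$(basename "$f"): |"
    if world_readable "$f"; then echo "$(basename "$f"): world-readable"; fi
done
```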
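1.3 Installing the compute nodes
Because the deployment architecture has changed, installing the compute nodes is also relatively simple. Under this deployment plan, a compute node only needs to run the nova-compute and nova-network services. Before installing the compute node components, make sure every compute node host has completed the compute node part of "Pre-installation preparation". The installation steps are as follows:
1. # apt-get install nova-compute-kvm python-guestfs
When the installer asks about the supermin appliance, choose Yes
After installation, run
# chmod 0644 /boot/vmlinuz*
2. Delete the sqlite database file
# rm /var/lib/nova/nova.sqlite
3. Copy the /etc/nova/nova.conf file directly from the controller node; only the VNC settings need to change:
[DEFAULT]
...
# my_ip and vncserver_proxyclient_address are the compute node's IP
my_ip=192.168.0.11
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=192.168.0.11
4. Configure the image host in /etc/nova/nova.conf
[DEFAULT]
...
glance_host=controller
5. Likewise copy the /etc/nova/api-paste.ini file from the controller node; it can be used as is, without changes
6. Restart the nova-compute service and watch the logs:
# service nova-compute restart
7. Install the nova-network service
# apt-get install nova-network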
8. Edit the /etc/nova/nova.conf file and add the following:
[DEFAULT]
...
network_manager=nova.network.manager.FlatDHCPManager
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
network_size=254
allow_same_net_traffic=False
multi_host=True
send_arp_for_ha=True
share_dhcp_address=True
force_dhcp_release=True
flat_network_bridge=br100
flat_interface=eth3
public_interface=eth2
rabbit_host=controller
9. Restart the nova-network service
# service nova-network restart
10. Copy the keystonerc file from the controller node and run the same commands as before:
# source keystonerc
# echo "source keystonerc" >> .bashrc
11. Create the vmnet network
# nova network-create vmnet --fixed-range-v4=192.168.2.0/24 \
  --bridge-interface=br100 --multi-host=T
1. Launching an image
The steps above complete the installation of the OpenStack Havana controller node and compute nodes. Next, start an image from the command line on a compute node to verify that the installation works.
1. Create a key
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): mykey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is:
84:49:1f:00:1c:ad:a7:a4:aa:3c:f6:ed:ed:48:34:ce root@controller
The key's randomart image is:
+--[ RSA 2048]----+
|.o+o..|
|...+.|
|.oo|
|o..|
|o=S|
|. =.|
| .E|
|oooo|
|+.o..+.o|
+-----------------+
This creates a key file named mykey.pub in the current directory. Then run
# nova keypair-add --pub_key mykey.pub mykey
The key is added successfully
2. Check that the key was added successfully
# nova keypair-list
+--------+-------------------------------------------------+
| Name   | Fingerprint                                     |
+--------+-------------------------------------------------+
| mykey  | b0:18:32:fa:4e:d4:3c:1b:c4:6c:dd:cb:53:29:13:82 |
+--------+-------------------------------------------------+
3. List the OpenStack flavors (instance templates):
# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name      | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1  | m1.tiny   | 512       | 1    | 0         |      | 1     | 1.0         | True      |
| 2  | m1.small  | 2048      | 20   | 0         |      | 1     | 1.0         | True      |
| 3  | m1.medium | 4096      | 40   | 0         |      | 2     | 1.0         | True      |
| 4  | m1.large  | 8192      | 80   | 0         |      | 4     | 1.0         | True      |
| 5  | m1.xlarge | 16384     | 160  | 0         |      | 8     | 1.0         | True      |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
4. List the available images
# nova image-list
+--------------------------------------+--------------+--------+--------+
| ID                                   | Name         | Status | Server |
+--------------------------------------+--------------+--------+--------+
| 9e5c2bee-0373-414c-b4af-b91b0246ad3b | CirrOS 0.3.1 | ACTIVE |        |
+--------------------------------------+--------------+--------+--------+
5. Add access rules
# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
6. Choose flavor 1 or 2 and create an instance
$ nova boot --flavor 1 --key_name mykey --image 9e5c2bee-0373-414c-b4af-b91b0246ad3b \
  --security_group default cirrOS
+--------------------------------------+--------------------------------------+
| Property                             | Value                                |
+--------------------------------------+--------------------------------------+
| OS-EXT-STS:task_state                | scheduling                           |
| image                                | CirrOS 0.3.1                         |
| OS-EXT-STS:vm_state                  | building                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000001                    |
| OS-SRV-USG:launched_at               | None                                 |
| status                               | BUILD                                |
| updated                              | 2013-10-10T06:47:26Z                 |
| hostId                               |                                      |
| OS-EXT-SRV-ATTR:host                 | None                                 |
| OS-SRV-USG:terminated_at             | None                                 |
| key_name                             | mykey                                |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | None                                 |
| name                                 | cirrOS                               |
| adminPass                            | DWCDW6FnsKNq                         |
| tenant_id                            | e66d97ac1b704897853412fc8450f7b9     |
| created                              | 2013-10-10T06:47:23Z                 |
| os-extended-volumes:volumes_attached | []                                   |
| metadata                             | {}                                   |
+--------------------------------------+--------------------------------------+
7. Once the instance has been created, run the following command to check its state; normally it should be ACTIVE:
$ nova list
+--------------------------------------+-----------+--------+------------+-------------+-------------------+
| ID                                   | Name      | Status | Task State | Power State | Networks          |
+--------------------------------------+-----------+--------+------------+-------------+-------------------+
| dcc4a894-869b-479a-a24a-659eef7a54bd | cirrOS    | ACTIVE | None       | Running     | vmnet=192.168.2.2 |
+--------------------------------------+-----------+--------+------------+-------------+-------------------+
8. Run
# ssh
to verify that the virtual machine instance was created successfully. The password is: cubswin
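Step 5 above opens SSH and ICMP on the default security group to 0.0.0.0/0. As an added example (not part of the original guide), the shell function below reads a rule table in the layout printed by nova secgroup-list-rules and lists the rules that are reachable from any source address, so they can be reviewed and narrowed. The function name and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example; the rule table below is a constructed sample.

# world_open_rules: read a security-group rule table on stdin and print
# "protocol from:to" for every rule whose IP range is 0.0.0.0/0.
world_open_rules() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 5 { next }                       # border lines contain no cells
        !hdr {                                # first cell row: map names to columns
            for (i = 2; i < NF; i++) col[trim($i)] = i
            hdr = 1; next
        }
        trim($(col["IP Range"])) == "0.0.0.0/0" {
            print trim($(col["IP Protocol"])), trim($(col["From Port"])) ":" trim($(col["To Port"]))
        }'
}

# Constructed sample: the two rules from step 5 plus one restricted rule.
sample_rules() {
    cat <<'EOF'
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range       | Source Group |
+-------------+-----------+---------+----------------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0      |              |
| tcp         | 22        | 22      | 0.0.0.0/0      |              |
| tcp         | 3306      | 3306    | 192.168.1.0/24 |              |
+-------------+-----------+---------+----------------+--------------+
EOF
}

sample_rules | world_open_rules | while read -r proto ports; do
    echo "default group: $proto $ports is open to any source address"
done
```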
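2. Installing the dashboard
The dashboard in OpenStack Havana is relatively simple to install: it needs no special configuration and can be used as soon as it is installed. The install command is:
# apt-get install memcached libapache2-mod-wsgi openstack-dashboard
After installation, open the Firefox browser and enter:
Username: admin
Password: anxiang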