guyuehhh 发表于 2018-6-2 11:31:15

Openstack完整搭建系统整理版

Operating System


How to log in to the Ubuntu (12.04) Server system
Login as a normal user
user: openstack
password: password


Obtain Root privilege
sudo su -
password: password


Update Host configuration
hostname controller
echo "controller" > /etc/hostname
cat > /etc/hosts << EOF
127.0.0.1       localhost
127.0.1.1       controller
{put_eth0_ip_here}       controller
# The following lines are desirable for IPv6 capable hosts
::1   ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
Configure the network
Setup the network in Native OpenStack VM
# NOTE: The current IP is statically assigned by our system. Please do not change it.
vi /etc/network/interfaces


# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.8.210
netmask 255.255.255.0
gateway 192.168.8.1
dns-nameservers 192.168.8.15 8.8.8.8 # 需在此配置DNS,不可直接修改/etc/resolv.conf文件
auto eth1
iface eth1 inet static
address 192.168.8.211
netmask 255.255.255.0
auto eth2
iface eth2 inet static
address 192.168.8.212
netmask 255.255.255.0
Restart the network service
/etc/init.d/networking restart


Enable IP forwarding
  # To permit IP packets to pass between different networks,
  # the network card must be configured with routing capability.
  echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p










Upgrade your system to the latest version

Add software repository
echo -en 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main\n
deb-src http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main' \
>> /etc/apt/sources.list.d/havana.list


Upgrade the system
apt-get update && apt-get dist-upgrade


Install NTP

Install the package
apt-get install -y ntp



Update /etc/ntp.conf file
# Here we set ntp.ubuntu.com as the direct source of time.
# You will also find that a local time source
# is also provided in case of internet time service interruption.
sed -i 's/server ntp.ubuntu.com/ \
server ntp.ubuntu.com \
server 127.127.1.0 \
fudge 127.127.1.0 stratum 10/g' /etc/ntp.conf




Restart NTP service
service ntp restart


Set the OpenStack installation environment
# Create the environment variables
cat > /root/novarc << EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export RABBIT_PASSWORD=password
export FIXED_RANGE=10.0.0.0/24
export FLOATING_RANGE=$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' \
| cut -f2 -d ":" | awk -F "." '{print $1"."$2"."$3}').224/27
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=stackinsider
export MASTER="$(/sbin/ifconfig eth0 \
| awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
export LOCAL_IP="$(/sbin/ifconfig eth1 \
| awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF

# Update the global environment variables.
# NOTE: /etc/profile is world-readable, so every local account can read the passwords appended here.
cat /root/novarc >> /etc/profile
source /etc/profile

MySQL Server




Setup the MySQL password for administrator
cat << MYSQL_PRESEED | debconf-set-selections
mysql-server-5.5 mysql-server/root_password password $MYSQL_PASS
mysql-server-5.5 mysql-server/root_password_again password $MYSQL_PASS
mysql-server-5.5 mysql-server/start_on_boot boolean true
MYSQL_PRESEED


Install the packages
apt-get -y install mysql-server python-mysqldb curl


Allow external connections
  # Bind MySQL service to all network interfaces.
  # NOTE: this exposes the database on every attached network; restrict reachability with a firewall.
  sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf



Restart MySQL service
service mysql restart



Create Databases, Users, Privileges for OpenStack
mysql -uroot -p$MYSQL_PASS << EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$MYSQL_PASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '$MYSQL_PASS';
FLUSH PRIVILEGES;
EOF



Message Queue Server: RabbitMQ

Install the packages
  # Install the messaging queue server. Typically it is RabbitMQ.
  apt-get -y install rabbitmq-server



Change the default password
rabbitmqctl change_password guest $RABBIT_PASSWORD



OpenStack Identity Server: Keystone

Install the packages
apt-get -y install keystone



Update /etc/keystone/keystone.conf
sed -i -e " s/# admin_token = ADMIN/admin_token = $SERVICE_TOKEN/g; \
s/# bind_host = 0.0.0.0/bind_host = 0.0.0.0/g; \
s/# public_port = 5000/public_port = 5000/g; \
s/# admin_port = 35357/admin_port = 35357/g; \
s/# compute_port = 8774/compute_port = 8774/g; \
s/# verbose = True/verbose = True/g; \
s/# idle_timeout/idle_timeout/g" /etc/keystone/keystone.conf


Update MySQL connection for Keystone
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"keystone"':'"$MYSQL_PASS"'@'"$MASTER"'/keystone|g}' \
/etc/keystone/keystone.conf


Restart Keystone and Sync database
service keystone restart
keystone-manage db_sync



Create users, tenants, services for OpenStack
wget http://wiki.stackinsider.com/images/9/99/Ksdata.sh_.txt -O Ksdata.sh
# Review the downloaded script before running it: it is fetched over plain HTTP and executed as root.
sed -i 's/quantum/neutron/g' Ksdata.sh
sed -i 's/QUANTUM/NEUTRON/g' Ksdata.sh
sh Ksdata.sh


Create endpoints for OpenStack
wget http://wiki.stackinsider.com/images/1/18/Ksendpoints.sh_.txt -O Ksendpoints.sh
# Review the downloaded script before running it: it is fetched over plain HTTP and executed as root.
sed -i 's/quantum/neutron/g' Ksendpoints.sh
sh Ksendpoints.sh



OpenStack Image Server: Glance

Install the packages
apt-get -y install glance


Update the credentials for Glance
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; \
s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; \
" /etc/glance/glance-api.conf /etc/glance/glance-registry.conf


Update MySQL connection for Glance
sed -i '/sql_connection = .*/{s|sqlite:///.*|mysql://'"glance"':'"$MYSQL_PASS"'@'"$MASTER"'/glance|g}' \
/etc/glance/glance-registry.conf /etc/glance/glance-api.conf


Setup notifier for Glance
sed -i " s/notifier_strategy = noop/notifier_strategy = rabbit/g; \
s/rabbit_password = guest/rabbit_password = $RABBIT_PASSWORD/g;" \
/etc/glance/glance-api.conf


Setup flavor for Glance
cat << EOF >>/etc/glance/glance-api.conf
flavor = keystone+cachemanagement
EOF
cat << EOF >>/etc/glance/glance-registry.conf
flavor = keystone
EOF


Restart Glance services
service glance-api restart
service glance-registry restart


Sync Glance database
glance-manage db_sync


Download Cirros image
wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img


Upload Cirros image to Glance
glance add name=cirros-0.3.0-x86_64 is_public=true container_format=bare \
disk_format=qcow2 </root/cirros-0.3.0-x86_64-disk.img


Check the image
# Check the image ID to confirm if Glance operates normally.
glance index



OpenStack Block Storage: Cinder

Install the packages
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget \
open-iscsi iscsitarget-dkms python-cinderclient


Prepare the logical volumes for Cinder
You can manage Cinder via a pre-prepared volume group "cinder-volumes", the size of which is 1.2GB.
fdisk -l
pvcreate /dev/vdb
vgcreate cinder-volumes /dev/vdb

Volume group "cinder-volumes" successfully created

iSCSI configuration

Enable the iSCSI target service
sed -i 's/false/true/g' /etc/default/iscsitarget


Re-configure the kernel modules
dpkg-reconfigure iscsitarget-dkms


Restart iSCSI services
service iscsitarget restart && service open-iscsi restart


Update the configuration file of Cinder
cat >/etc/cinder/cinder.conf <<EOF

sql_connection = mysql://cinder:$MYSQL_PASS@$MASTER/cinder
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
rabbit_password = $RABBIT_PASSWORD
EOF


Update the credentials of Cinder
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; \
s/%SERVICE_USER%/cinder/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " \
/etc/cinder/api-paste.ini


Synchronize the database of Cinder
cinder-manage db sync


Restart the services of Cinder
service cinder-api restart
service cinder-scheduler restart
service cinder-volume restart



OpenStack Network Server: Neutron

Install the Open vSwitch
apt-get install -y openvswitch-switch
apt-get install module-assistant
  module-assistant auto-install openvswitch-datapath
若遇kernel-header错误,则执行以下命令,再执行上一步命令即可:
ln -s /usr/src/linux-headers-`uname -r`/include/generated/uapi/linux/version.h /lib/modules/`uname -r`/build/include/linux/
  




Configure the network bridge

Configure the bridge for internal communication
ovs-vsctl add-br br-int


Configure the bridge for external communication
ovs-vsctl add-br br-eth2
# Enable external network access under nested Open vSwitch
ifconfig br-eth2 promisc up


Bind eth2 to the external bridge
ovs-vsctl add-port br-eth2 eth2


Update the external bridge configuration
vim /etc/network/interfaces
# Modify the corresponding configuration
auto eth2
iface eth2 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
auto br-eth2
iface br-eth2 inet static
address {put_eth2_ip_here}
netmask 255.255.255.0
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off


Restart the network service
/etc/init.d/networking restart


Install Neutron
apt-get -y install neutron-server python-cliff \
neutron-plugin-openvswitch-agent \
neutron-dhcp-agent python-pyparsing


Configure the RabbitMQ
sed -i -e " s/# auth_strategy/auth_strategy/g; \
s/# fake_rabbit/fake_rabbit/g; \
s/# rabbit_host = localhost/rabbit_host = $MASTER/g; \
s/# rabbit_password = guest/rabbit_password = $RABBIT_PASSWORD/g" /etc/neutron/neutron.conf


Configure the Neutron

Update the general configuration for Neutron
cat << EOF >>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[database]
connection=mysql://neutron:$MYSQL_PASS@$MASTER/neutron
[ovs]
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-eth2
EOF


Update the MySQL connection for Neutron
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"neutron"':'"password"'@'"$MASTER"'/neutron|g}' /etc/neutron/neutron.conf


Update the metadata agent for Neutron
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/neutron/g; \
s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/neutron/metadata_agent.ini


Update the credentials for Neutron
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/neutron/g; \
s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/neutron/neutron.conf


Change the passphrase of the Neutron metadata agent
sed -i -e " s/# metadata_proxy_shared_secret =/metadata_proxy_shared_secret = helloStackinsider/g; " /etc/neutron/metadata_agent.ini


Set the interface driver of the Neutron dhcp agent
sed -i -e " s/# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/g; " /etc/neutron/dhcp_agent.ini


Restart the Neutron services
cd /etc/init.d/; for i in $(ls neutron-*); do sudo service $i restart; done



OpenStack Controller Server: Nova Controller

Install the packages
apt-get -y install nova-api nova-cert nova-common pm-utils nova-conductor \
nova-scheduler python-nova python-novaclient nova-consoleauth novnc nova-novncproxy


Configure Nova

Update the credential for Nova
sed -i -e " s/127.0.0.1/$MASTER/g; s/%SERVICE_TENANT_NAME%/service/g; \
s/%SERVICE_USER%/nova/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " \
/etc/nova/api-paste.ini



Update the general configuration: /etc/nova/nova.conf
cat >/etc/nova/nova.conf <<EOF

# MySQL Connection #
sql_connection=mysql://nova:$MYSQL_PASS@$MASTER/nova
# nova-scheduler #
rabbit_host=$MASTER
rabbit_password=$RABBIT_PASSWORD
#scheduler_driver=nova.scheduler.simple.SimpleScheduler
#compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
# nova-api #
cc_host=$MASTER
auth_strategy=keystone
s3_host=$MASTER
ec2_host=$MASTER
nova_url=http://$MASTER:8774/v1.1/
ec2_url=http://$MASTER:8773/services/Cloud
keystone_ec2_url=http://$MASTER:5000/v2.0/ec2tokens
api_paste_config=/etc/nova/api-paste.ini
allow_admin_api=true
use_deprecated_auth=false
ec2_private_dns_show_ip=True
dmz_cidr=169.254.169.254/32
ec2_dmz_host=169.254.169.254
metadata_host=$MASTER
metadata_listen=0.0.0.0
enabled_apis=ec2,osapi_compute,metadata
# Networking #
network_api_class=nova.network.neutronv2.api.API
neutron_url=http://$MASTER:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=$SERVICE_PASSWORD
neutron_admin_auth_url=http://$MASTER:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
#Metadata
service_neutron_metadata_proxy = True
neutron_metadata_proxy_shared_secret = helloStackinsider
# Compute #
compute_driver=libvirt.LibvirtDriver
# Cinder #
volume_api_class=nova.volume.cinder.API
# Glance #
glance_api_servers=$MASTER:9292
image_service=nova.image.glance.GlanceImageService
# novnc #
novnc_enable=true
novncproxy_base_url=http://$MASTER:6080/vnc_auto.html
vncserver_proxyclient_address=$MASTER
vncserver_listen=$MASTER
# Misc #
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
#root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf
rootwrap_config=/etc/nova/rootwrap.conf
verbose=true
#verbose=false
EOF

Synchronize Nova database
nova-manage db sync


Restart Nova services
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done



OpenStack Compute Server: Nova Compute

Install the Hypervisor
apt-get install -y kvm libvirt-bin pm-utils


Setup Cgroup support for libvirt
cat << EOF >>/etc/libvirt/qemu.conf
cgroup_device_acl = ["/dev/null", "/dev/full", "/dev/zero","/dev/random", "/dev/urandom","/dev/ptmx", "/dev/kvm", "/dev/kqemu","/dev/rtc", "/dev/hpet","/dev/net/tun",
]
EOF


Allow Live Migration
# NOTE: auth_tcp = none lets anyone who can reach the libvirt TCP port control the hypervisor;
# keep that port reachable only from the management network.
sed -i '/#listen_tls/s/#listen_tls/listen_tls/;/#listen_tcp/s/#listen_tcp/listen_tcp/;/#auth_tcp/s/#auth_tcp/auth_tcp/; /auth_tcp/s/sasl/none/' /etc/libvirt/libvirtd.conf


Listen on TCP
sed -i '/env libvirtd_opts/s/-d/-d -l/' /etc/init/libvirt-bin.conf
sed -i '/libvirtd_opts/s/-d/-d -l/' /etc/default/libvirt-bin


Restart libvirt-bin service
service libvirt-bin restart


Install the Nova Compute
  apt-get -y install nova-compute-kvm
  

  
Modify the libvirt_type
vi /etc/nova/nova-compute.conf
libvirt_type=kvm 修改为 libvirt_type=qemu  
Restart Nova services
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done

  





OpenStack Dashboard: Horizon

Install Horizon
apt-get -y install apache2 libapache2-mod-wsgi openstack-dashboard memcached python-memcache


Prepare Tenant Network

Create a bash script for preparation
vi /root/prepare_network.sh
#!/bin/bash
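# Create Tenant and User #
# Creates TenantA/UserA, grants the Member role and builds the shared flat
# provider network used by the rest of the tutorial. Safe to re-run: an
# existing tenant or user is reused instead of recreated.
# Requires the admin credentials exported from /root/novarc in the environment.
set -euo pipefail

tenant=TenantA
user=UserA
usermail=usera@stackinsider.com
role=Member

# Look the tenant up by exact name (column 4 of `keystone tenant-list`, id in
# column 2) so an already existing tenant still yields its id; previously
# tenant_id was only set on the create path and the later commands got an
# empty --tenant-id.
tenant_id=$(keystone tenant-list | awk -v t="$tenant" '$4 == t {print $2}')
if [[ -n "$tenant_id" ]]; then
  echo "Tenant $tenant existed!"
else
  # Match the "id" property row only, not any row that happens to contain "id".
  tenant_id=$(keystone tenant-create --name "$tenant" | awk '$2 == "id" {print $4}')
fi
if [[ -z "$tenant_id" ]]; then
  echo "could not determine the id of tenant $tenant" >&2
  exit 1
fi

if keystone user-list | grep -qw -- "$user"; then
  echo "User $user existed!"
else
  # NOTE: the password is passed on the command line and is visible to other
  # local users in the process list while the command runs; it is the tutorial
  # default and should be changed before the deployment is shared.
  keystone user-create --name="$user" --pass=password --tenant-id "$tenant_id" --email="$usermail"
fi
keystone user-role-add --tenant "$tenant" --user "$user" --role "$role"

# Create virtual router and sub-network #
neutron net-create --tenant-id "$tenant_id" sharednet1 --shared --provider:network_type flat \
  --provider:physical_network physnet1
# Create the subnet on the shared segment; no gateway, addresses come from the pool only.
neutron subnet-create --tenant-id "$tenant_id" sharednet1 192.168.100.0/24 --no-gateway \
  --allocation-pool start=192.168.100.150,end=192.168.100.200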




Execute the bash script to create network interconnection
bash prepare_network.sh


Set up the default security group rules
# Obtain TenantA's default security group ID
neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list
# Enable ICMP and TCP ports
neutron security-group-rule-create --protocol icmp --direction ingress {TenantA security group ID}
neutron security-group-rule-create --protocol icmp --direction egress {TenantA security group ID}
neutron security-group-rule-create --protocol tcp --direction egress --port-range-min 1 --port-range-max 65535 {TenantA security group ID}
neutron security-group-rule-create --protocol tcp --direction ingress --port-range-min 1 --port-range-max 65535 {TenantA security group ID}


Start a VM

Check the Ubuntu image
# Check the image ID to confirm if Glance operates normally.
glance index


Generate ssh key and Upload it to Nova
  # Generate ssh key
  ssh-keygen
  # Upload ssh pub key to nova
nova keypair-add key01 --pub-key ~/.ssh/id_rsa.pub

Launch a VM
nova --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 boot --flavor 1 --image {the cirros ID from Glance} --security_group default --key-name key01 vm001


Check the VM status
# Check your VM status
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list


Access the VM instance using its flat IP
# Obtain the VM's fixed IP
nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list
# You can find its fixed IP in the "Networks" section: sharednet1={flat IP}.
# SSH to your VM when your VM is ACTIVE
ssh cirros@{put_flat_ip_here}
Access the Dashboard
http://controller/horizon (controller为主机名)



Questions
执行“neutron --os-tenant-name TenantA --os-username UserA --os-password password --os-auth-url=http://localhost:5000/v2.0 security-group-list”出现错误:
“404 Not Found.The resource could not be found.”
解决:
vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

# Firewall driver for realizing neutron security group function.
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
然后重启neutron服务:
cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; done




  