This is a manual installation walkthrough for OpenStack Havana on Ubuntu 12.04. OpenStack consists of quite a few components; Keystone, which provides authentication and authorization, must be installed in every case.

If you only need the compute part, the minimal installation is Keystone (Identity Service) + Glance (Image Service) + Nova (Compute Service).

Operating system configuration

When installing the operating system, selecting only OpenSSH Server is enough. After installation finishes, install vim first so that editing files is more comfortable.

Network

/etc/network/interfaces

...
# The primary network interface
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
    address 192.168.2.135
    netmask 255.255.255.0
    gateway 192.168.2.20
    dns-nameservers 61.134.1.4 8.8.8.8
...

/etc/hosts

...
127.0.0.1   localhost controller
...

Network Time Protocol (NTP)

# apt-get install ntp

MySQL

The controller server needs mysql-server and python-mysqldb:

# apt-get install python-mysqldb mysql-server

Node servers only need python-mysqldb; for a single-server installation, skip this step.

# apt-get install python-mysqldb

Configure the OpenStack repository

# apt-get install python-software-properties
# add-apt-repository cloud-archive:havana
# apt-get update && apt-get dist-upgrade
# reboot 

Message Server

# apt-get install rabbitmq-server

Change the password; the default password is guest.

# rabbitmqctl change_password guest cskj906

Note: if a later command blocks and the log contains the message below, changing the password again usually fixes it (several times the password I had changed earlier seemed to be wrong again by the time the later components were installed; I have not found the root cause yet):

AMQP server on controller:5672 is unreachable: Socket closed. Trying again in 13 seconds. Reconnecting to AMQP server on controller:567

Configure the Identity Service (Keystone)

Install keystone and python-keystoneclient:

# apt-get install keystone

Modify the SQL connection in /etc/keystone/keystone.conf

...
[sql]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:cskj906@localhost:3306/keystone
...

Create the keystone database and user

# mysql -uroot -pcskj906
mysql> CREATE DATABASE keystone DEFAULT CHARACTER SET utf8 collate utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'cskj906';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'cskj906';

Initialize the database

# keystone-manage db_sync

Change admin_token in the [DEFAULT] section of /etc/keystone/keystone.conf

[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = cskj906
...

Restart the service

# service keystone restart

Create users and tenants

# export OS_SERVICE_TOKEN=cskj906
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

Create tenants for the admin user and for the OpenStack services

# keystone tenant-create --name=admin --description="Admin Tenant"
# keystone tenant-create --name=service --description="Service Tenant"

Create the admin user

# keystone user-create --name=admin --pass=cskj906 \
   --email=admin@example.com

Create the role

# keystone role-create --name=admin

Grant the role to the user so that the user can log in under the admin tenant

# keystone user-role-add --user=admin --tenant=admin --role=admin

Define services and API endpoints

# keystone service-create --name=keystone --type=identity \
  --description="Keystone Identity Service"

Note: the --service-id below is the id returned by the command above

# keystone endpoint-create \
  --service-id=0de333b0eb294ae58ce79d95480e0aa3 \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0

Verify the Identity Service installation

$ unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

As long as the following two commands produce output, the service is working.

$ keystone --os-username=admin --os-password=cskj906 \
  --os-auth-url=http://controller:35357/v2.0 token-get
$ keystone --os-username=admin --os-password=cskj906 \
  --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
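The two token-get commands above are a single HTTP exchange with Keystone: a POST of the user's credentials to the /tokens resource of OS_AUTH_URL, answered with a token and the service catalog. The following is an added example, not code from this page or from python-keystoneclient. It builds the v2.0 request body for both the unscoped form (no tenant) and the tenant-scoped form, and parses a reply; the reply used here is a constructed sample in the v2.0 response layout, with made-up token, tenant and user ids.

```python
"""Keystone v2.0 token exchange, the request behind `keystone token-get`.

Added example, not code from the page or from python-keystoneclient.
It builds the JSON body POSTed to <OS_AUTH_URL>/tokens and reads the
reply; the reply used here is a constructed sample, not real output."""
import json


def build_token_request(username, password, tenant_name=None):
    """Return the JSON body for POST <auth_url>/tokens.

    Without tenant_name the token is unscoped (the first token-get on the
    page); with it the token is scoped to that tenant (the second one),
    which is the form the other services need.
    """
    auth = {"passwordCredentials": {"username": username,
                                    "password": password}}
    if tenant_name is not None:
        auth["tenantName"] = tenant_name
    return json.dumps({"auth": auth})


def parse_token_response(body):
    """Extract token id, expiry, tenant, roles and public endpoints.

    'endpoints' maps service type (identity, image, ...) to its publicURL,
    the same data the catalog holds once endpoint-create has been run.
    """
    access = json.loads(body)["access"]
    token = access["token"]
    endpoints = {}
    for service in access.get("serviceCatalog", []):
        for ep in service.get("endpoints", []):
            endpoints[service["type"]] = ep["publicURL"]
    return {
        "token": token["id"],
        "expires": token["expires"],
        "tenant": token.get("tenant", {}).get("name"),
        "roles": [r["name"] for r in access.get("user", {}).get("roles", [])],
        "endpoints": endpoints,
    }


# Constructed sample reply to a request scoped to the admin tenant
# (ids are made up; the URLs are the ones registered on this page).
SAMPLE_RESPONSE = json.dumps({"access": {
    "token": {"id": "constructed-token-id-0001",
              "expires": "2014-04-29T00:00:00Z",
              "tenant": {"id": "constructed-tenant-id", "name": "admin"}},
    "user": {"id": "constructed-user-id", "name": "admin",
             "roles": [{"name": "admin"}]},
    "serviceCatalog": [
        {"type": "identity", "name": "keystone", "endpoints": [
            {"publicURL": "http://controller:5000/v2.0",
             "internalURL": "http://controller:5000/v2.0",
             "adminURL": "http://controller:35357/v2.0",
             "region": "regionOne"}]},
        {"type": "image", "name": "glance", "endpoints": [
            {"publicURL": "http://controller:9292",
             "internalURL": "http://controller:9292",
             "adminURL": "http://controller:9292",
             "region": "regionOne"}]},
    ]}})


def sample_exchange():
    """Both halves of the exchange, run on the constructed sample."""
    request = build_token_request("admin", "cskj906", tenant_name="admin")
    return json.loads(request), parse_token_response(SAMPLE_RESPONSE)


if __name__ == "__main__":
    req, resp = sample_exchange()
    print("POST http://controller:35357/v2.0/tokens")
    print(json.dumps(req, indent=2))
    print("token:", resp["token"], "expires:", resp["expires"],
          "tenant:", resp["tenant"], "roles:", resp["roles"])
    for svc_type, url in resp["endpoints"].items():
        print("  %-8s %s" % (svc_type, url))
```

The password travels in the request body, so OS_AUTH_URL decides which host receives it; on this page that is the plain-http admin port 35357 on the controller. The unscoped token from the first command carries no tenant and no catalog entries, which is why the page's second command, with --os-tenant-name, is the one that mirrors what the services themselves do.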

Add the following environment variables to ~/.profile. Some operations must be run as root, so add them to root's .profile as well.

export OS_USERNAME=admin
export OS_PASSWORD=cskj906
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0

$ source ~/.profile
$ keystone user-list

Configure the Image Service (Glance)

# apt-get install glance python-glanceclient

Edit the [DEFAULT] section of /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf. Note: there are two files; do not forget either of them.

...
[DEFAULT]
...
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = mysql://glance:cskj906@localhost/glance
...

# mysql -u root -pcskj906
mysql> CREATE DATABASE glance DEFAULT CHARACTER SET utf8 collate utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'cskj906';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'cskj906';

Initialize the database

# glance-manage db_sync
# keystone user-create --name=glance --pass=cskj906 \
   --email=glance@example.com
# keystone user-role-add --user=glance --tenant=service --role=admin

Configure authentication

Edit /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf. Note: there are two files; do not forget either of them.

Add the following under [keystone_authtoken] (this has one option more than the original file, auth_uri, which I have not looked into yet):

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = cskj906

Add under [paste_deploy]:

[paste_deploy]
...
flavor = keystone

Edit /etc/glance/glance-api.conf

rabbit_password = cskj906

Edit /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini. Note: there are two files; do not forget either of them.

[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=cskj906

Register the service

# keystone service-create --name=glance --type=image \
  --description="Glance Image Service"

Register the endpoint; the service-id here is the one returned by the previous step.

# keystone endpoint-create \
  --service-id=b29384f33479402cab3ca59503acad0e \
  --publicurl=http://controller:9292 \
  --internalurl=http://controller:9292 \
  --adminurl=http://controller:9292

Apply the new configuration

# service glance-registry restart
# service glance-api restart

Verify the Image Service installation

Download an image. This is just a simple example; you can also download ready-made Ubuntu templates from http://cloud-images.ubuntu.com.

$ source ~/.profile
$ wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img

Upload the image to the Image Service

# glance image-create --name=Cirros-0.3.1-x86_64 --disk-format=qcow2 \
  --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img

Common problems when installing the Image Service

  • How to get detailed debugging output from a command: add the --debug parameter after the command.

  • Invalid OpenStack Identity credentials.

# keystone tenant-create --name=admin --description="Admin Tenant"
Invalid OpenStack Identity credentials.

Check the OS_SERVICE_TOKEN setting:

# export OS_SERVICE_TOKEN=ADMIN_TOKEN

  • Stderr: '/bin/sh: 1: collie: not found\n' Disabling add method. If /var/log/glance/api.log contains Stderr: '/bin/sh: 1: collie: not found\n' Disabling add method., define known_stores explicitly in /etc/glance/glance-api.conf and make sure it does not include the glance.store.sheepdog.Store entry.

  • HTTPInternalServerError (HTTP 500): if glance image-create fails with HTTPInternalServerError (HTTP 500), try the following:

# glance-manage version_control 0
# glance-manage db_sync

Configure the Compute Service (Nova)

Install Compute controller services

# apt-get install nova-novncproxy novnc nova-api \
  nova-ajax-console-proxy nova-cert nova-conductor \
  nova-consoleauth nova-doc nova-scheduler \
  python-novaclient

Add the [database] and [keystone_authtoken] sections to /etc/nova/nova.conf:

...
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://nova:cskj906@localhost/nova

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = cskj906

Enable RabbitMQ in /etc/nova/nova.conf by adding the following to the [DEFAULT] section

rpc_backend = nova.rpc.impl_kombu
rabbit_host = controller
rabbit_password = cskj906

# mysql -u root -p
mysql> CREATE DATABASE nova DEFAULT CHARACTER SET utf8 collate utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'cskj906';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'cskj906';
# nova-manage db sync

Add the VNC configuration to the [DEFAULT] section of /etc/nova/nova.conf

...
[DEFAULT]
...
# VNC
my_ip=192.168.2.135
vncserver_listen=192.168.2.135
vncserver_proxyclient_address=192.168.2.135

Create the user and role

# keystone user-create --name=nova --pass=cskj906 --email=nova@example.com
# keystone user-role-add --user=nova --tenant=service --role=admin

In the [DEFAULT] section of /etc/nova/nova.conf

[DEFAULT]
...
auth_strategy=keystone

Modify the authentication information in the [filter:authtoken] section of /etc/nova/api-paste.ini

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = cskj906

Ensure that the api_paste_config=/etc/nova/api-paste.ini option is set in the /etc/nova/nova.conf file.
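The Glance steps above warn twice that two files must both be edited, and the Nova steps require auth_strategy=keystone plus api_paste_config pointing at the edited api-paste.ini; a mismatch between the two Glance files, or a missing paste flavor, is exactly the kind of error that only surfaces later as "Invalid OpenStack Identity credentials". The following is an added example, not a tool from this page or from OpenStack: a small checker that parses the ini files and reports the settings the walkthrough requires. The file contents embedded below are constructed samples, with one deliberate mistake in the registry file; check_files() applies the same checks to the real paths in /etc.

```python
"""Consistency check for the Glance and Nova config edits on this page.

Added example, not code from the page or from OpenStack.  The sample
file contents are constructed; check_files() reads the real files."""
import configparser

# Keys every [keystone_authtoken] block on the page carries.
AUTHTOKEN_KEYS = ("auth_host", "auth_port", "auth_protocol",
                  "admin_tenant_name", "admin_user", "admin_password")


def load(text):
    """Parse ini text.  default_section is renamed so that the files' own
    [DEFAULT] is an ordinary section and is not merged into the others;
    optionxform keeps option names case-sensitive like oslo.config."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.optionxform = str
    cp.read_string(text)
    return cp


def section(cp, name):
    """Section as a dict, or None when the file lacks it."""
    return dict(cp[name]) if cp.has_section(name) else None


def check_glance(api_text, registry_text):
    """Both glance files need a full [keystone_authtoken] that agrees
    between the files, and [paste_deploy] flavor = keystone."""
    findings = []
    files = {"glance-api.conf": load(api_text),
             "glance-registry.conf": load(registry_text)}
    for label, cp in files.items():
        auth = section(cp, "keystone_authtoken")
        if auth is None:
            findings.append(label + ": missing [keystone_authtoken]")
        else:
            for key in AUTHTOKEN_KEYS:
                if key not in auth:
                    findings.append(label + ": [keystone_authtoken] lacks " + key)
        paste = section(cp, "paste_deploy") or {}
        if paste.get("flavor") != "keystone":
            findings.append(label + ": [paste_deploy] flavor is not keystone")
    api_auth = section(files["glance-api.conf"], "keystone_authtoken") or {}
    reg_auth = section(files["glance-registry.conf"], "keystone_authtoken") or {}
    for key in AUTHTOKEN_KEYS:
        if key in api_auth and key in reg_auth and api_auth[key] != reg_auth[key]:
            findings.append(key + " differs between glance-api.conf and glance-registry.conf")
    return findings


def check_nova(nova_text):
    """nova.conf must use keystone and point at the edited api-paste.ini."""
    findings = []
    default = section(load(nova_text), "DEFAULT") or {}
    if default.get("auth_strategy") != "keystone":
        findings.append("nova.conf: auth_strategy is not keystone")
    if default.get("api_paste_config") != "/etc/nova/api-paste.ini":
        findings.append("nova.conf: api_paste_config does not point at /etc/nova/api-paste.ini")
    return findings


def check_files(glance_api="/etc/glance/glance-api.conf",
                glance_registry="/etc/glance/glance-registry.conf",
                nova="/etc/nova/nova.conf"):
    """Run both checks against the real files on a controller."""
    with open(glance_api) as a, open(glance_registry) as r, open(nova) as n:
        return check_glance(a.read(), r.read()) + check_nova(n.read())


# Constructed samples.  GLANCE_API matches the page; GLANCE_REGISTRY_BAD
# omits [paste_deploy] and mistypes admin_user, the "two files" mistake.
GLANCE_API = """
[DEFAULT]
sql_connection = mysql://glance:cskj906@localhost/glance
rabbit_password = cskj906
[keystone_authtoken]
auth_uri = http://controller:5000
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = cskj906
[paste_deploy]
flavor = keystone
"""
GLANCE_REGISTRY_BAD = """
[DEFAULT]
sql_connection = mysql://glance:cskj906@localhost/glance
[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glanc
admin_password = cskj906
"""
NOVA_CONF = """
[DEFAULT]
auth_strategy=keystone
api_paste_config=/etc/nova/api-paste.ini
rpc_backend = nova.rpc.impl_kombu
rabbit_host = controller
[database]
connection = mysql://nova:cskj906@localhost/nova
"""

if __name__ == "__main__":
    for f in check_glance(GLANCE_API, GLANCE_REGISTRY_BAD) + check_nova(NOVA_CONF):
        print("FINDING:", f)
```

Run as a script it reports the two problems planted in the registry sample; pointed at the real files through check_files() it returns an empty list when the Glance and Nova edits on this page have all been applied consistently.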

Create the service in Keystone

# keystone service-create --name=nova --type=compute \
  --description="Nova Compute service"

Register the endpoint in Keystone. Note: the service-id is the one returned by the previous step

# keystone endpoint-create \
  --service-id=1af2b5f368784b339b35ff55fa8426bf \
  --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl=http://controller:8774/v2/%\(tenant_id\)s

Restart the Nova services

# service nova-api restart
# service nova-cert restart
# service nova-consoleauth restart
# service nova-scheduler restart
# service nova-conductor restart
# service nova-novncproxy restart

This can be shortened to:

# for i in nova-api nova-cert nova-consoleauth nova-scheduler nova-conductor nova-novncproxy; do service $i restart; done

Check that Nova can talk to Glance:

# nova image-list

Configure the compute node

Configure the controller's hostname in /etc/hosts. If the compute node and the controller are on the same machine, skip this step.

192.168.2.135  controller

Install the compute node software

# apt-get install nova-compute-kvm python-guestfs

There is a bug to work around: make the kernel image readable by ordinary users

# dpkg-statoverride  --update --add root root 0644 /boot/vmlinuz-$(uname -r)

Create the file /etc/kernel/postinst.d/statoverride with the following content:

#!/bin/sh
version="$1"
# passing the kernel version is required
[ -z "${version}" ] && exit 0
dpkg-statoverride --update --add root root 0644 /boot/vmlinuz-${version}

# chmod +x /etc/kernel/postinst.d/statoverride

/etc/nova/nova.conf

Configure authentication and the database connection

Note: in a single-machine setup this has already been configured; skip it.

...
[DEFAULT]
...
auth_strategy=keystone
...
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://nova:cskj906@controller/nova

Configure the message server address

Note: in a single-machine setup this has already been configured; skip it.

[DEFAULT]
...
rpc_backend = nova.rpc.impl_kombu
rabbit_host = controller
rabbit_password = cskj906

Configure VNC

[DEFAULT]
...
my_ip=192.168.2.135
vnc_enabled=True
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=192.168.2.135
novncproxy_base_url=http://192.168.2.135:6080/vnc_auto.html

Configure the controller's address

[DEFAULT]
...
glance_host=controller

Modify the authentication information in /etc/nova/api-paste.ini

Note: in a single-machine setup this has already been configured; skip it.

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = cskj906

# service nova-compute restart
# rm /var/lib/nova/nova.sqlite

Configure networking

Note: if the compute node and the controller are on the same machine, nova-api-metadata must not be installed, otherwise nova-api will be removed.

# apt-get install nova-network 

If the compute node is a separate server, run the following command

# apt-get install nova-api-metadata 

Configure the network settings in /etc/nova/nova.conf:

[DEFAULT]
...
network_manager=nova.network.manager.FlatDHCPManager
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
network_size=254
allow_same_net_traffic=False
multi_host=True
send_arp_for_ha=True
share_dhcp_address=True
force_dhcp_release=True
flat_network_bridge=br100
flat_interface=eth0
public_interface=eth0

# service nova-network restart

Add a fixed network. Here it is on the same network as the controller; for simplicity, the fixed IPs can be given public addresses directly.

# nova network-create vmnet --fixed-range-v4=192.168.2.192/28 \
  --bridge=br100 --multi-host=T

Alternatively, split into a private network and a public network, using floating IPs as the public addresses.

# nova network-create vmnet --fixed-range-v4=10.168.2.0/24 \
  --bridge=br100 --multi-host=T
# nova floating-ip-bulk-create 192.168.2.192/28

Note: if the virtual machines cannot reach the Internet through the public network, there are several ways to fix it:

Method 1: change flat_interface in /etc/nova/nova.conf, so that the host IP and the floating IPs are on eth0 and the fixed IPs are on br100

flat_interface=br100

Method 2: change public_interface in /etc/nova/nova.conf; as a result, all IPs are bound to br100.

public_interface=br100

Method 3: add the following rule:

# iptables -A POSTROUTING -t nat -s 10.168.2.0/24 -o br100 -j MASQUERADE

Launch an instance

Configure the security group, otherwise you will not be able to connect to the virtual machine

# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

Create a keypair for managing instances; it is needed to log in to the host.

$ ssh-keygen
$ cd .ssh
$ nova keypair-add --pub_key id_rsa.pub mykey
$ nova keypair-list

List the available flavors

$ nova flavor-list

List the available images:

$ nova image-list

Create and start a new virtual machine. Note: the id after --image is the one found with nova image-list.

$ nova boot --flavor 1 --key_name mykey --image 2e88997e-a38e-4ea9-8068-05fa9a734ae9 --security_group default CirrOS
$ nova list

How to start instances automatically

Add the following to /etc/nova/nova.conf so that virtual machines start automatically when the server boots.

[DEFAULT]
...
start_guests_on_host_boot = True
resume_guests_state_on_host_boot = True

How to assign floating IPs automatically?

Add the following to /etc/nova/nova.conf

auto_assign_floating_ip=True

Configure the Dashboard

# apt-get install memcached libapache2-mod-wsgi openstack-dashboard

After installation, the configuration lives in /etc/openstack-dashboard/local_settings.py; for a default single-machine installation nothing needs to be changed.

# service apache2 restart
# service memcached restart

Open http://192.168.2.135/horizon to access it.

At this point, managing virtual machines from the web interface works. There is a bug here: after the session expires, the redirect goes to the wrong address; enter http://192.168.2.135/horizon again to get back in.

Block Storage Service(Cinder)

There are several ways to add disk space to a virtual machine:

  • Mount an external NFS share on a directory
  • Attach an iSCSI device to add a remote disk
  • Use the OpenStack Block Storage service to add volumes; once it is set up, volume management appears in the web interface.

Cinder needs its own disk space, managed with LVM; prepare a free partition or disk in advance.

Install the Cinder service controller

# apt-get install cinder-api cinder-scheduler

Edit /etc/cinder/cinder.conf and add the [database] configuration

[database]
connection = mysql://cinder:cskj906@controller/cinder

Create the database and user

# mysql -u root -p
mysql> CREATE DATABASE cinder DEFAULT CHARACTER SET utf8 collate utf8_general_ci;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY 'cskj906';
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY 'cskj906';

Initialize the database

# cinder-manage db sync

Create the authentication credentials

# keystone user-create --name=cinder --pass=cskj906 --email=cinder@example.com
# keystone user-role-add --user=cinder --tenant=service --role=admin

Modify the [filter:authtoken] section of /etc/cinder/api-paste.ini

[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000
admin_tenant_name=service
admin_user=cinder
admin_password=cskj906

Configure the message queue for Block Storage by modifying the [DEFAULT] section of /etc/cinder/cinder.conf

[DEFAULT]
...
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = cskj906

Register the service

# keystone service-create --name=cinder --type=volume \
  --description="Cinder Volume Service"

Note: the service-id comes from the output of the previous step

# keystone endpoint-create \
  --service-id=fb59ae326b1749afb4b712eebad2caec \
  --publicurl=http://controller:8776/v1/%\(tenant_id\)s \
  --internalurl=http://controller:8776/v1/%\(tenant_id\)s \
  --adminurl=http://controller:8776/v1/%\(tenant_id\)s

Register the v2 service

# keystone service-create --name=cinderv2 --type=volumev2 \
  --description="Cinder Volume Service V2"
# keystone endpoint-create \
  --service-id=aa022d3ff3d14024ab4a986ca90a3c61 \
  --publicurl=http://controller:8776/v2/%\(tenant_id\)s \
  --internalurl=http://controller:8776/v2/%\(tenant_id\)s \
  --adminurl=http://controller:8776/v2/%\(tenant_id\)s
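Every endpoint-create on this page (keystone, glance, nova, cinder and cinderv2) pastes by hand the id that the preceding service-create printed in its Property/Value table. The following is an added example, not code from this page or from python-keystoneclient: it parses that table, pulls out the id, and builds the endpoint-create argument list from it, so the id cannot be mistyped. The table text is a constructed sample in the client's output format, filled with the keystone service values this page shows; register() runs the real client and is only usable on a controller with the OS_* variables set.

```python
"""Extract the service id from the keystone client's table output.

Added example, not part of the page or of python-keystoneclient.
SAMPLE_OUTPUT is a constructed table carrying the keystone service
values shown on this page."""
import shlex
import subprocess


def parse_property_table(text):
    """Turn the client's two-column table into a dict property -> value.

    Rows look like '|   id   | 0de333... |'; border lines start with '+'.
    Raises ValueError when no table is present, e.g. when the client
    printed 'Invalid OpenStack Identity credentials.' instead.
    """
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 2 or cells[0] == "Property":
            continue
        rows[cells[0]] = cells[1]
    if not rows:
        raise ValueError("no Property/Value table in output: %r" % text.strip()[:80])
    return rows


def service_id(text):
    """Return the 'id' row of a service-create table."""
    return parse_property_table(text)["id"]


def endpoint_create_args(text, publicurl, internalurl, adminurl):
    """Build the argv for 'keystone endpoint-create' from service-create output.

    No shell is involved, so the URLs are passed literally: the backslashes
    before the parentheses in the page's %(tenant_id)s URLs are only shell
    quoting and must not appear here.
    """
    return ["keystone", "endpoint-create",
            "--service-id=" + service_id(text),
            "--publicurl=" + publicurl,
            "--internalurl=" + internalurl,
            "--adminurl=" + adminurl]


def register(name, svc_type, description, publicurl, internalurl, adminurl):
    """Run service-create, then endpoint-create with the id it returned.

    Needs a real controller and the OS_* environment; not exercised here.
    """
    out = subprocess.check_output(
        ["keystone", "service-create", "--name=" + name, "--type=" + svc_type,
         "--description=" + description], universal_newlines=True)
    subprocess.check_call(endpoint_create_args(out, publicurl, internalurl, adminurl))
    return service_id(out)


# Constructed sample in the client's output format, using the keystone
# service values (including the id) that this page shows.
SAMPLE_OUTPUT = """\
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    Keystone Identity Service     |
|      id     | 0de333b0eb294ae58ce79d95480e0aa3 |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+
"""

if __name__ == "__main__":
    args = endpoint_create_args(SAMPLE_OUTPUT,
                                "http://controller:5000/v2.0",
                                "http://controller:5000/v2.0",
                                "http://controller:35357/v2.0")
    print(" ".join(shlex.quote(a) for a in args))
```

The ValueError path matters in practice: when OS_SERVICE_TOKEN is wrong the client prints an error line instead of a table, and a script that blindly took the first hex-looking token would register an endpoint against a bogus id.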

Restart the services to apply the configuration

# service cinder-scheduler restart
# service cinder-api restart

Install the Cinder service node

The service node provides storage from LVM volumes.

Install LVM

# apt-get install lvm2

Create the volume group

# pvcreate /dev/sdb
# vgcreate cinder-volumes /dev/sdb

Edit /etc/lvm/lvm.conf to set the volume scan filter. I have not figured this out yet, so skip this step for now.

devices {
...
filter = [ "a/sda1/", "a/sdb/", "r/.*/"]
...
}

Install the volume management software

# apt-get install cinder-volume

The [filter:authtoken] section of /etc/cinder/api-paste.ini

[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
auth_port = 35357
auth_protocol = http
admin_tenant_name=service
admin_user=cinder
admin_password=cskj906

Configure RabbitMQ in the [DEFAULT] section of /etc/cinder/cinder.conf

[DEFAULT]
...
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = cskj906

Database configuration in /etc/cinder/cinder.conf

[database]
...
connection = mysql://cinder:cskj906@controller/cinder

# service cinder-volume restart
# service tgt restart

Last modified by "jilili" on 2014-04-28 16:55:16