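Basic physical network architecture
Configuring the physical architecture with UOS
- Create a private network Management-Network, and create the subnet public-subnet on it
- Create a private network VM-Network, and create the subnet flat-subnet on it
- Create 1 virtual machine as the controller node
  - Use the "Ubuntu 14.04 64bit" image
  - The VM flavor is 2 vCPUs and 4 GB of memory
  - Use a private network and select the subnet public-subnet
  - This VM therefore has only 1 NIC, eth0, connected to public-subnet
- Create 2 identical virtual machines as compute nodes
  - Use the "Ubuntu 14.04 64bit" image
  - The VM flavor is 4 vCPUs and 4 GB of memory
  - Use a private network and select the subnet public-subnet
  - Create a virtual NIC on the subnet flat-subnet and attach it to the VM
  - These VMs have 2 NICs:
    - eth0, connected to public-subnet
    - eth1, connected to flat-subnet
- Create 1 public IP and bind it to the controller node; we will use this public IP later to access Horizon
- Create 1 more public IP and bind it to the router, so that the compute nodes can also reach the Internet.
- Configure the security group to open all protocols and all ports.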
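Hostname settings (required on every node)
Edit /etc/hostname (each node has a different hostname; for example, the controller node's hostname is controller and compute node 1's hostname is compute01)
    vim /etc/hostname

    controller
Edit /etc/hosts and add the DNS mappings, then ping each hostname to check that it resolves to the correct IP address. Note: do not copy the comments below into the file.
    vim /etc/hosts

    192.168.0.2 controller   # on my controller node, the IP address is 192.168.0.2
    192.168.0.4 compute01    # on my compute01 node, the IP address is 192.168.0.4
    192.168.0.5 compute02    # on my compute02 node, the IP address is 192.168.0.5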
Installing the controller node
Updating the apt sources
1. Edit the apt sources file and replace its contents with the following
    vim /etc/apt/sources.list

    deb http://mirrors.sohu.com/ubuntu/ trusty main restricted universe multiverse
    deb http://mirrors.sohu.com/ubuntu/ trusty-security main restricted universe multiverse
    deb http://mirrors.sohu.com/ubuntu/ trusty-updates main restricted universe multiverse
    deb http://mirrors.sohu.com/ubuntu/ trusty-proposed main restricted universe multiverse
    deb http://mirrors.sohu.com/ubuntu/ trusty-backports main restricted universe multiverse
    deb-src http://mirrors.sohu.com/ubuntu/ trusty main restricted universe multiverse
    deb-src http://mirrors.sohu.com/ubuntu/ trusty-security main restricted universe multiverse
    deb-src http://mirrors.sohu.com/ubuntu/ trusty-updates main restricted universe multiverse
    deb-src http://mirrors.sohu.com/ubuntu/ trusty-proposed main restricted universe multiverse
    deb-src http://mirrors.sohu.com/ubuntu/ trusty-backports main restricted universe multiverse
2. Update the apt package index
    apt-get update
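Installing MySQL
1. Install MySQL (during installation you are asked to set the root user's password; we set it to 'root'):
    apt-get install -y mysql-server python-mysqldb
2. Configure MySQL to accept requests from any node. Change only the bind-address parameter
    vim /etc/mysql/my.cnf

    ......
    bind-address = 0.0.0.0
3. Restart the MySQL service:
    service mysql restart
4. Check the MySQL service
    service mysql status
If there is a problem, check the log:
    vim /var/log/mysql/error.log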
Installing RabbitMQ
    apt-get install -y rabbitmq-server
    service rabbitmq-server status
If there is a problem, check the log:
    vim /var/log/rabbitmq/rabbit@controller.log
Installing NTP
    apt-get install -y ntp
Installing Keystone
1. Install the keystone deb package
    apt-get install -y keystone
2. Create a database for keystone. The database name is 'keystone', the user name is 'keystone' and the password is 'root'
    mysql -u root -p
    mysql> CREATE DATABASE keystone;
    mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'root';
    mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'root';
    mysql> exit;
3. Edit the keystone configuration file and set a few important options (do not delete the existing contents; only change the values of these options)
    vim /etc/keystone/keystone.conf

    [database]
    connection = mysql://keystone:root@controller/keystone?charset=utf8

    [DEFAULT]
    # This is very important
    admin_token=root
    log_dir=/var/log/keystone

    [token]
    provider=keystone.token.providers.uuid.Provider
4. Sync the keystone database
    keystone-manage db_sync
5. Check the database
    mysql -u root -p
    mysql> use keystone;
    mysql> show TABLES;
    mysql> exit;
6. Start the keystone service
    service keystone restart
After a few seconds, check the keystone service:
    service keystone status
If there is a problem, check the log:
    vim /var/log/keystone/keystone.log
7. Define users, tenants and roles
    # Export the environment variables
    export OS_SERVICE_TOKEN=root # admin_token
    export OS_SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

    # Create the super administrator
    keystone user-create --name=admin --pass=root --email=admin@domain.com
    keystone role-create --name=admin
    keystone tenant-create --name=admin --description="Admin Tenant"
    keystone user-role-add --user=admin --tenant=admin --role=admin
    keystone user-role-add --user=admin --role=_member_ --tenant=admin

    # Create a regular user
    keystone user-create --name=demo --pass=root --email=demo@domain.com
    keystone tenant-create --name=demo --description="Demo Tenant"
    keystone user-role-add --user=demo --role=_member_ --tenant=demo

    # Create the service tenant
    keystone tenant-create --name=service --description="Service Tenant"
8. Define services and endpoints
    keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
      --publicurl=http://controller:5000/v2.0 \
      --internalurl=http://controller:5000/v2.0 \
      --adminurl=http://controller:35357/v2.0
9. Create the credentials file
    vim openrc

    # Fill in the following:
    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=root
    export OS_AUTH_URL=http://controller:35357/v2.0
10. Test whether Keystone is working
    # Clear the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT variables from the environment
    unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

    # Obtain a token with the user name and password
    keystone --os-username=admin --os-password=root --os-auth-url=http://controller:35357/v2.0 token-get

    # Load the super administrator's credentials file
    source openrc

    # Test the keystone commands
    keystone token-get
    keystone user-list
    keystone user-role-list --user admin --tenant admin
Installing Glance
1. Install the Glance deb packages
    apt-get install -y glance python-glanceclient
2. Create a database for Glance
    mysql -u root -p
    mysql> CREATE DATABASE glance;
    mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'root';
    mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'root';
    mysql> exit;
3. Edit the /etc/glance/glance-api.conf configuration file and set a few important options (do not delete the existing contents; only change the values of these options)
    vim /etc/glance/glance-api.conf

    [database]
    connection = mysql://glance:root@controller/glance?charset=utf8

    [DEFAULT]
    rabbit_host = localhost

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = glance
    admin_password = root

    [paste_deploy]
    flavor = keystone
4. Edit the /etc/glance/glance-registry.conf file (do not delete the existing contents; only change the values of these options)
    vim /etc/glance/glance-registry.conf

    [database]
    connection = mysql://glance:root@controller/glance?charset=utf8

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = glance
    admin_password = root

    [paste_deploy]
    flavor = keystone
5. Sync the glance database
    glance-manage db_sync
You may run into the following problem:
    2014-11-22 22:55:55.093 17444 CRITICAL glance [-] ValueError: Tables "migrate_version" have non utf8 collation, please make sure all tables are CHARSET=utf8
The fix is:
    mysql -u root -p glance
    mysql> alter table migrate_version convert to character set utf8 collate utf8_unicode_ci;
    mysql> flush privileges;
    mysql> quit;
Then run the sync again:
    glance-manage db_sync
6. Configure the user and role for the Glance service in Keystone
    keystone user-create --name=glance --pass=root --email=glance@domain.com
    keystone user-role-add --user=glance --tenant=service --role=admin
7. Register the Glance service in keystone and create its endpoint:
    keystone service-create --name=glance --type=image --description="OpenStack Image Service"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ image / {print $2}') \
      --publicurl=http://controller:9292 \
      --internalurl=http://controller:9292 \
      --adminurl=http://controller:9292
8. Start the glance-api and glance-registry services
    service glance-api restart
    service glance-registry restart
After a few seconds, check whether the services started successfully:
    service glance-api status
    service glance-registry status
If there is a problem, check the logs:
    vim /var/log/glance/glance-api.log
    vim /var/log/glance/glance-registry.log
9. Test Glance by uploading the cirros image
    # Method 1: set a location; the image file is not actually stored in Glance
    source openrc
    glance image-create --name "cirros-0.3.2-x86_64" --is-public true \
      --container-format bare --disk-format qcow2 \
      --location http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img

    # Method 2: upload the image into Glance
    source openrc
    wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
    glance image-create --name "cirros-0.3.2-x86_64-local" --disk-format qcow2 \
      --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
10. List all images
    glance image-list
Installing Cinder
1. Install the Cinder packages
    apt-get install -y cinder-api cinder-scheduler cinder-volume
2. Create a database for Cinder
    mysql -u root -p
    mysql> CREATE DATABASE cinder;
    mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'root';
    mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'root';
    mysql> exit;
3. Edit the Cinder configuration file; pay attention to the options that need to be set
    vim /etc/cinder/cinder.conf

    [DEFAULT]
    rootwrap_config = /etc/cinder/rootwrap.conf
    api_paste_config = /etc/cinder/api-paste.ini
    # This is very important
    iscsi_helper = tgtadm
    volume_name_template = volume-%s
    # This is very important
    volume_group = cinder-volumes
    verbose = True
    auth_strategy = keystone
    state_path = /var/lib/cinder
    lock_path = /var/lock/cinder
    volumes_dir = /var/lib/cinder/volumes
    # This is very important
    rpc_backend = rabbit
    # This is very important
    rabbit_host = controller
    rabbit_port = 5672
    rabbit_userid = guest
    rabbit_password = guest
    # The controller's IP is 192.168.0.2
    my_ip = 192.168.0.2
    # This is very important
    glance_host = controller

    [database]
    # This is very important
    connection = mysql://cinder:root@controller/cinder?charset=utf8

    [keystone_authtoken]
    # This is very important
    auth_uri = http://controller:5000
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = cinder
    # This is very important
    admin_password = root
4. Sync the Cinder database
    cinder-manage db sync
5. Create the Cinder user and role in Keystone
    keystone user-create --name=cinder --pass=root --email=cinder@example.com
    keystone user-role-add --user=cinder --tenant=service --role=admin
6. Register the Cinder service in Keystone and create its endpoints
    keystone service-create --name=cinder --type=volume --description="OpenStack Block Storage"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ volume / {print $2}') \
      --publicurl=http://controller:8776/v1/%\(tenant_id\)s \
      --internalurl=http://controller:8776/v1/%\(tenant_id\)s \
      --adminurl=http://controller:8776/v1/%\(tenant_id\)s

    keystone service-create --name=cinderv2 --type=volumev2 --description="OpenStack Block Storage v2"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ volumev2 / {print $2}') \
      --publicurl=http://controller:8776/v2/%\(tenant_id\)s \
      --internalurl=http://controller:8776/v2/%\(tenant_id\)s \
      --adminurl=http://controller:8776/v2/%\(tenant_id\)s
7. Create the storage pool
    apt-get install lvm2
    # Create a 100 GB cloud disk in UOS and attach it to the controller node (steps omitted)
    pvcreate /dev/vdb
    vgcreate cinder-volumes /dev/vdb
8. Start the Cinder services
    service tgt restart
    service cinder-api restart
    service cinder-scheduler restart
    service cinder-volume restart
Check that the cinder services are running normally:
    service cinder-api status
    service cinder-scheduler status
    service cinder-volume status
If there is a problem, check the logs:
    vim /var/log/cinder/cinder-api.log
    vim /var/log/cinder/cinder-scheduler.log
    vim /var/log/cinder/cinder-volume.log
9. Test the Cinder service
    source openrc
    cinder create --display-name myvolume 2
    cinder list
Installing Nova
1. Install the nova deb packages
    apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth \
      nova-novncproxy nova-scheduler python-novaclient
2. Create a database for nova
    mysql -u root -p
    mysql> CREATE DATABASE nova;
    mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'root';
    mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'root';
    mysql> exit;
3. Edit the nova configuration file (do not delete the existing contents; only change the values of these options)
    vim /etc/nova/nova.conf

    [database]
    connection = mysql://nova:root@controller/nova?charset=utf8

    [DEFAULT]
    # This is very important
    network_api_class = nova.network.api.API
    security_group_api = nova
    rpc_backend = rabbit
    rabbit_host = controller
    # The controller's IP is 192.168.0.2
    my_ip = 192.168.0.2
    vncserver_listen = 192.168.0.2
    vncserver_proxyclient_address = 192.168.0.2
    auth_strategy = keystone

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = nova
    admin_password = root
4. Sync the nova database
    nova-manage db sync
5. Create the user and role for nova in keystone
    keystone user-create --name=nova --pass=root --email=nova@domain.com
    keystone user-role-add --user=nova --tenant=service --role=admin
6. Register the nova service in keystone and create its endpoint
    keystone service-create --name=nova --type=compute --description="OpenStack Compute"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
      --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
      --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
      --adminurl=http://controller:8774/v2/%\(tenant_id\)s
7. Restart all nova services
    service nova-api restart
    service nova-cert restart
    service nova-conductor restart
    service nova-consoleauth restart
    service nova-novncproxy restart
    service nova-scheduler restart
After a few seconds, check that the nova services are running normally:
    service nova-api status
    service nova-cert status
    service nova-conductor status
    service nova-consoleauth status
    service nova-novncproxy status
    service nova-scheduler status
If there is a problem, check the logs:
    vim /var/log/nova/nova-api.log
    vim /var/log/nova/nova-scheduler.log
    vim /var/log/nova/nova-conductor.log
8. Check that the nova services are healthy
    nova-manage service list
9. Verify that the nova service is usable
    source openrc
    nova image-list
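The Keystone, Glance, Cinder and Nova sections above each create a database user with the password 'root' and a grant to '%'. As an added example (not part of the original guide), this script generates a distinct random password per service and scopes the remote grant to the management subnet. The 192.168.0.% pattern assumes the node addresses shown in /etc/hosts, and gen_password, make_grants and connection_line are hypothetical helper names.

```shell
#!/bin/sh
# Added example: per-service database credentials instead of 'root' / '%'.
# Assumption: management subnet 192.168.0.0/24, as in /etc/hosts above.
SERVICES="keystone glance cinder nova"
MGMT_HOSTS='192.168.0.%'   # MySQL host pattern covering controller and compute nodes

# 32 hex characters from the kernel CSPRNG. Hex needs no quoting in SQL
# or in the mysql:// connection URLs used in the *.conf files.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print two GRANT statements per service on stdout and record
# "service password" pairs in the file named by $1 (mode 0600).
make_grants() {
    secrets_file=$1
    ( umask 077; : > "$secrets_file" )
    chmod 600 "$secrets_file"
    for svc in $SERVICES; do
        pw=$(gen_password)
        printf '%s %s\n' "$svc" "$pw" >> "$secrets_file"
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$pw"
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$MGMT_HOSTS" "$pw"
    done
}

# Print the [database] connection line for one service ($1) from the secrets file ($2).
connection_line() {
    pw=$(awk -v s="$1" '$1 == s { print $2 }' "$2")
    printf 'connection = mysql://%s:%s@controller/%s?charset=utf8\n' "$1" "$pw" "$1"
}

# Usage: sh <this-script> <secrets-file> | mysql -u root -p
if [ -n "${1:-}" ]; then
    make_grants "$1"
fi
```

Run it after the CREATE DATABASE statements, then paste the output of connection_line into the matching [database] section on each node.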
Installing Horizon
1. Install the horizon deb packages
    apt-get install -y apache2 memcached libapache2-mod-wsgi openstack-dashboard
2. Edit the horizon configuration file
    vim /etc/openstack-dashboard/local_settings.py

    ALLOWED_HOSTS = ['*']
    OPENSTACK_HOST = "controller"
3. Restart apache and memcached
    service apache2 restart; service memcached restart
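The controller configuration above keeps several lab-only values: the bootstrap admin_token, 'root' and 'guest' passwords, bind-address = 0.0.0.0 and a wildcard ALLOWED_HOSTS. As an added example (not from the original guide), this check flags those values in a config file before a node is exposed beyond the lab. audit_conf and write_sample are hypothetical names, and the sample file is constructed from values on this page.

```shell
#!/bin/sh
# Added example: flag the lab-only values this walkthrough sets.

# Print "file:line: reason" for each lab-grade setting found in file $1.
audit_conf() {
    awk -v f="$1" '
        function flag(msg) { printf "%s:%d: %s\n", f, NR, msg }
        /^[ \t]*#/ { next }                        # skip comment lines
        { line = $0
          sub(/[ \t]+#.*/, "", line)               # drop trailing comments
          gsub(/[ \t]/, "", line) }                # "key = value" -> "key=value"
        line ~ /^admin_token=/ { flag("bootstrap admin_token is set") }
        line ~ /^(admin_password|rabbit_password)=(root|guest)$/ {
            flag("default or guessable password") }
        line ~ /^connection=mysql:\/\/[^:]+:root@/ { flag("database password is root") }
        line ~ /^bind-address=0\.0\.0\.0$/ { flag("MySQL listens on every interface") }
        line ~ /^ALLOWED_HOSTS=/ && line ~ /\*/ { flag("Horizon accepts any Host header") }
    ' "$1"
}

# Constructed sample combining lines from keystone.conf, cinder.conf,
# my.cnf and local_settings.py as configured on this page.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
admin_token=root # This is very important
rabbit_password = guest
[database]
connection = mysql://keystone:root@controller/keystone?charset=utf8
[keystone_authtoken]
admin_user = glance
admin_password = root
bind-address = 0.0.0.0
ALLOWED_HOSTS = ['*']
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_conf "$sample"
rm -f "$sample"
```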
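Installing the compute nodes
1. Update the apt sources (see above)
2. Install NTP (see above)
3. Check whether virtualization is supported
    apt-get install -y cpu-checker
    kvm-ok
4. Install KVM
    apt-get install -y kvm libvirt-bin pm-utils
5. Install the nova-compute, nova-network, nova-api-metadata and related deb packages
    apt-get install -y nova-compute-kvm nova-network nova-api-metadata python-guestfs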
6. Edit the /etc/nova/nova.conf configuration file
    vim /etc/nova/nova.conf

    [DEFAULT]
    auth_strategy = keystone
    rpc_backend = rabbit
    rabbit_host = controller
    # Note: each compute node has a different IP address
    my_ip = 192.168.0.4
    vnc_enabled = True
    # Note: each compute node has a different IP address
    vncserver_listen = 192.168.0.4
    # Note: each compute node has a different IP address
    vncserver_proxyclient_address = 192.168.0.4
    # Note: replace 8.8.8.8 with your public IP address
    novncproxy_base_url = http://8.8.8.8:6080/vnc_auto.html
    glance_host = controller

    network_api_class = nova.network.api.API
    security_group_api = nova
    network_size = 254
    allow_same_net_traffic = False
    multi_host = True
    send_arp_for_ha = True
    share_dhcp_address = True
    force_dhcp_release = True
    firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
    network_manager = nova.network.manager.FlatDHCPManager
    # Note these three settings
    flat_network_bridge = br100
    flat_interface = eth1
    public_interface = eth0

    [database]
    connection = mysql://nova:root@controller/nova?charset=utf8

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    admin_tenant_name = service
    admin_user = nova
    admin_password = root
7. Edit the /etc/nova/nova-compute.conf configuration file
    [libvirt]
    ...
    # Because we are using UOS virtual machines rather than physical servers, this must be set to qemu
    virt_type = qemu
8. Edit the /etc/sysctl.conf file
    vim /etc/sysctl.conf

    net.ipv4.ip_forward=1
9. Apply /etc/sysctl.conf
    sysctl -p
10. Restart nova-compute, nova-network and nova-api-metadata
    service nova-compute restart
    service nova-network restart
    service nova-api-metadata restart
After a few seconds, check that the nova services are running normally:
    service nova-compute status
    service nova-network status
    service nova-api-metadata status
If there is a problem, check the logs:
    vim /var/log/nova/nova-compute.log
    vim /var/log/nova/nova-network.log
    vim /var/log/nova/nova-api-metadata.log
11. Check the nova services
    nova-manage service list
Creating fixed IPs for nova-network
Run the following on one of the compute nodes
    nova-manage --config-file /etc/nova/nova.conf network create "private" 10.10.10.0/24 1 256
Logging in to OpenStack Horizon
Go to http://{your public IP}/horizon. The user name and password are admin and root.