Training: Multi-Node OpenStack Installation on UOS (Nova-network)

 

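Basic physical network architecture

[Figure: architecture]

Configuring the physical architecture with UOS

  1. Create a private network named Management-Network, and create the subnet public-subnet on it
  2. Create a private network named VM-Network, and create the subnet flat-subnet on it
  3. Create 1 virtual machine to act as the controller node
    • Use the "Ubuntu 14.04 64bit" image
    • The instance type is 2 vCPUs and 4 GB of RAM
    • Use the private network and select the subnet public-subnet
    • This virtual machine therefore has only 1 NIC, eth0, connected to public-subnet
  4. Create 2 identical virtual machines to act as compute nodes
    • Use the "Ubuntu 14.04 64bit" image
    • The instance type is 4 vCPUs and 4 GB of RAM
    • Use the private network and select the subnet public-subnet
    • Create a virtual NIC on the subnet flat-subnet and attach it to the virtual machine
    • These virtual machines have 2 NICs:
      • eth0, connected to public-subnet
      • eth1, connected to flat-subnet
  5. Create 1 public IP and bind it to the controller node; we will use this public IP later to access Horizon.
  6. Create 1 more public IP and bind it to the router, so that the compute nodes can also reach the Internet.
  7. Configure the security group to open all protocols and all ports.

[Figure: vms]

Setting the hostname (required on every node)

Edit /etc/hostname (each node has a different hostname; for example, the controller node's hostname is controller and compute node 1's hostname is compute01)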

vim /etc/hostname

controller

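Edit /etc/hosts and add the DNS mappings, then ping each hostname to check that it resolves to the correct IP address. Note: do not add the comments below to the file.

vim  /etc/hosts

192.168.0.2  controller  # On my controller node, the IP address is 192.168.0.2
192.168.0.4  compute01   # On my compute01 node, the IP address is 192.168.0.4
192.168.0.5  compute02   # On my compute02 node, the IP address is 192.168.0.5

Installing the controller node

Updating the apt sources

1. Edit the apt sources file and replace its contents with the following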

vim /etc/apt/sources.list

deb http://mirrors.sohu.com/ubuntu/ trusty main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb http://mirrors.sohu.com/ubuntu/ trusty-backports main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-proposed main restricted universe multiverse
deb-src http://mirrors.sohu.com/ubuntu/ trusty-backports main restricted universe multiverse

2. Update the apt sources

apt-get update

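Installing MySQL

1. Install MySQL (during installation you need to set the root user's password; we set the password to 'root'):

apt-get install -y mysql-server python-mysqldb

2. Configure MySQL to accept requests from any node. Change only the bind-address parameter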

vim  /etc/mysql/my.cnf

......
bind-address            = 0.0.0.0

3. Restart the MySQL service:

service mysql restart

4. Check the MySQL service

service mysql status

If there is a problem, check the log:
vim /var/log/mysql/error.log

Installing RabbitMQ

apt-get install -y rabbitmq-server

service rabbitmq-server status

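If there is a problem, check the log:
vim /var/log/rabbitmq/rabbit@controller.log

Installing NTP

apt-get install -y ntp

Installing Keystone

1. Install the keystone deb package

apt-get install -y keystone

2. Create a database for keystone. The database name is 'keystone', the user name is 'keystone', and the password is 'root'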

mysql -u root -p

mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'root';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'root';
mysql> exit;

3. Edit the keystone configuration file and set a few important options (be careful not to delete the existing content; only change the values of these options)

vim /etc/keystone/keystone.conf

[database]
connection = mysql://keystone:root@controller/keystone?charset=utf8

[DEFAULT]
# This is very important
admin_token=root
log_dir=/var/log/keystone

[token]
provider=keystone.token.providers.uuid.Provider

4. Sync the keystone database

keystone-manage db_sync

5. Check the database

mysql -u root -p
mysql> use keystone;
mysql> show TABLES;
mysql> exit;

6. Start the keystone service

service keystone restart

After a few seconds, check the keystone service:
service keystone status

If there is a problem, check the log:
vim /var/log/keystone/keystone.log

7. Define users, tenants, and roles

# Export the environment variables
export OS_SERVICE_TOKEN=root   # admin_token
export OS_SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

# Create the super administrator
keystone user-create --name=admin --pass=root --email=admin@domain.com
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin

# Create a regular user
keystone user-create --name=demo --pass=root --email=demo@domain.com
keystone tenant-create --name=demo --description="Demo Tenant"
keystone user-role-add --user=demo --role=_member_ --tenant=demo

# Create the service tenant
keystone tenant-create --name=service --description="Service Tenant"

8. Define services and endpoints

keystone service-create --name=keystone --type=identity --description="OpenStack Identity"

keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller:5000/v2.0 \
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0

9. Create the credentials file

vim openrc
# Enter the following content:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=root
export OS_AUTH_URL=http://controller:35357/v2.0

10. Test whether Keystone works

# Clear the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT variables from the environment
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

# Get a token using the user name and password
keystone --os-username=admin --os-password=root --os-auth-url=http://controller:35357/v2.0 token-get

# Load the super administrator's credentials file
source openrc

# Test keystone commands
keystone token-get
keystone user-list
keystone user-role-list --user admin --tenant admin

Installing Glance

1. Install the Glance deb packages

apt-get install -y glance python-glanceclient

2. Create a database for Glance

mysql -u root -p

mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'root';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'root';
mysql> exit;

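3. Edit the /etc/glance/glance-api.conf configuration file and set a few important options (be careful not to delete the existing content; only change the values of these options)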

vim /etc/glance/glance-api.conf

[database]
connection = mysql://glance:root@controller/glance?charset=utf8

[DEFAULT]
rabbit_host = localhost

[keystone_authtoken]
auth_uri = http://controller:5000
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = root

[paste_deploy]
flavor = keystone

4. Edit the /etc/glance/glance-registry.conf file (be careful not to delete the existing content; only change the values of these options)

vim /etc/glance/glance-registry.conf

[database]
connection = mysql://glance:root@controller/glance?charset=utf8

[keystone_authtoken]
auth_uri = http://controller:5000
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = root

[paste_deploy]
flavor = keystone

5. Sync the glance database

glance-manage db_sync

You may run into the following problem:
2014-11-22 22:55:55.093 17444 CRITICAL glance [-] ValueError: Tables "migrate_version" 
have non utf8 collation, please make sure all tables are CHARSET=utf8

The fix is:
mysql -u root -p  glance
mysql> alter table migrate_version convert to character set utf8 collate utf8_unicode_ci;
mysql> flush privileges;
mysql> quit;

Then run it again:
glance-manage db_sync

6. Configure the Glance service user and role in Keystone

keystone user-create --name=glance --pass=root --email=glance@domain.com
keystone user-role-add --user=glance --tenant=service --role=admin

7. Register the Glance service in keystone and create the endpoint:

keystone service-create --name=glance --type=image --description="OpenStack Image Service"
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ image / {print $2}') \
--publicurl=http://controller:9292 \
--internalurl=http://controller:9292 \
--adminurl=http://controller:9292

8. Start the glance-api and glance-registry services

service glance-api restart
service glance-registry restart

After a few seconds, check whether the services started successfully:
service glance-api status
service glance-registry status

If there is a problem, check the logs:
vim /var/log/glance/glance-api.log
vim /var/log/glance/glance-registry.log

9. Test Glance by uploading the cirros image

# Method 1: set a location; the image file is not actually stored in Glance
source openrc
glance image-create --name "cirros-0.3.2-x86_64" --is-public true \
--container-format bare --disk-format qcow2 \
--location http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img

# Method 2: upload the image into Glance
source openrc
wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
glance image-create --name "cirros-0.3.2-x86_64-local" --disk-format qcow2 \
 --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img

10. List all images

glance image-list

Installing Cinder

1. Install the Cinder packages

apt-get install -y cinder-api cinder-scheduler cinder-volume

2. Create a database for Cinder

mysql -u root -p
mysql> CREATE DATABASE cinder;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'root';
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'root';
mysql> exit;

3. Edit the Cinder configuration file; pay attention to the options that need to be set

vim /etc/cinder/cinder.conf

[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
# This is very important
iscsi_helper = tgtadm
volume_name_template = volume-%s
# This is very important
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes

# This is very important
rpc_backend = rabbit
# This is very important
rabbit_host = controller
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = guest

# The controller's IP is 192.168.0.2
my_ip = 192.168.0.2
# This is very important
glance_host = controller

[database]
# This is very important
connection = mysql://cinder:root@controller/cinder?charset=utf8

[keystone_authtoken]
# This is very important
auth_uri = http://controller:5000
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
# This is very important
admin_password = root

4. Sync the Cinder database

cinder-manage db sync

5. Create the Cinder user and role in Keystone

keystone user-create --name=cinder --pass=root --email=cinder@example.com
keystone user-role-add --user=cinder --tenant=service --role=admin

6. Register the Cinder service in Keystone and create the endpoint

keystone service-create --name=cinder --type=volume --description="OpenStack Block Storage"
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ volume / {print $2}') \
  --publicurl=http://controller:8776/v1/%\(tenant_id\)s \
  --internalurl=http://controller:8776/v1/%\(tenant_id\)s \
  --adminurl=http://controller:8776/v1/%\(tenant_id\)s

keystone service-create --name=cinderv2 --type=volumev2 --description="OpenStack Block Storage v2"
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ volumev2 / {print $2}') \
  --publicurl=http://controller:8776/v2/%\(tenant_id\)s \
  --internalurl=http://controller:8776/v2/%\(tenant_id\)s \
  --adminurl=http://controller:8776/v2/%\(tenant_id\)s

7. Create the storage pool

apt-get install lvm2

# Create a 100 GB cloud disk on UOS and attach it to the controller node (steps omitted)

pvcreate /dev/vdb
vgcreate cinder-volumes /dev/vdb

8. Start the Cinder services

service tgt restart


service cinder-api restart
service cinder-scheduler restart
service cinder-volume restart

Check that the cinder services are healthy:

service cinder-api status
service cinder-scheduler status
service cinder-volume status

If there is a problem, check the logs:
vim /var/log/cinder/cinder-api.log
vim /var/log/cinder/cinder-scheduler.log
vim /var/log/cinder/cinder-volume.log

9. Test the Cinder service

source openrc
cinder create --display-name myvolume 2
cinder list

Installing Nova

1. Install the nova deb packages

apt-get install -y nova-api nova-cert nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler python-novaclient

2. Create a database for nova

mysql -u root -p

mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'root';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'root';
mysql> exit;

3. Edit the nova configuration file (be careful not to delete the existing content; only change the values of these options)

vim /etc/nova/nova.conf

[database]
connection = mysql://nova:root@controller/nova?charset=utf8

[DEFAULT]
# This is very important
network_api_class = nova.network.api.API
security_group_api = nova
rpc_backend = rabbit
rabbit_host = controller
# The controller's IP is 192.168.0.2
my_ip = 192.168.0.2
vncserver_listen = 192.168.0.2
vncserver_proxyclient_address = 192.168.0.2
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = root

4. Sync the nova database

nova-manage db sync

5. Create the nova user and role in keystone

keystone user-create --name=nova --pass=root --email=nova@domain.com
keystone user-role-add --user=nova --tenant=service --role=admin

6. Register the nova service in keystone and create the endpoint

keystone service-create --name=nova --type=compute --description="OpenStack Compute"
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ compute / {print $2}') \
--publicurl=http://controller:8774/v2/%\(tenant_id\)s \
--internalurl=http://controller:8774/v2/%\(tenant_id\)s \
--adminurl=http://controller:8774/v2/%\(tenant_id\)s

7. Restart all nova services

service nova-api restart
service nova-cert restart
service nova-conductor restart
service nova-consoleauth restart
service nova-novncproxy restart
service nova-scheduler restart

After a few seconds, check that the nova services are healthy:
service nova-api status
service nova-cert status
service nova-conductor status
service nova-consoleauth status
service nova-novncproxy status
service nova-scheduler status

If there is a problem, check the logs:
vim /var/log/nova/nova-api.log
vim /var/log/nova/nova-scheduler.log
vim /var/log/nova/nova-conductor.log

8. Check that the nova services are healthy

nova-manage service list

9. Verify that the nova service is usable

source openrc
nova image-list

 

Installing Horizon

1. Install the horizon deb packages

apt-get install -y apache2 memcached libapache2-mod-wsgi openstack-dashboard

2. Edit the horizon configuration file

vim /etc/openstack-dashboard/local_settings.py
ALLOWED_HOSTS = '*'
OPENSTACK_HOST = "controller"

3. Restart apache and memcached

service apache2 restart; service memcached restart
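
With MySQL set to bind-address 0.0.0.0 and the security group opened for all ports, it is worth checking which controller services listen on every interface before relying on the public IP. The script below is an added example, not part of the original guide; the function names and the sample `ss -ltn` output are constructed, and port 3306 is MySQL's default rather than a value stated on this page.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide.
# wildcard_listeners reads `ss -ltn` output on stdin and prints, sorted by
# port, the controller services that listen on every interface.
wildcard_listeners() {
    awk '
        BEGIN {
            # Ports as configured in this guide; 3306 is the MySQL default.
            svc[3306] = "mysql";      svc[5672] = "rabbitmq"
            svc[5000] = "keystone";   svc[35357] = "keystone-admin"
            svc[9292] = "glance-api"; svc[8776] = "cinder-api"
            svc[8774] = "nova-api";   svc[6080] = "novncproxy"
        }
        $1 == "LISTEN" {
            # The port is the text after the last colon of Local Address:Port.
            n = split($4, part, ":"); port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            wild = (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            if (wild && (port in svc)) print port, svc[port], addr
        }' | sort -n
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       50      *:3306               *:*
LISTEN  0       128     127.0.0.1:11211      *:*
LISTEN  0       128     *:35357              *:*
LISTEN  0       128     192.168.0.2:9292     *:*
LISTEN  0       128     :::5672              :::*
LISTEN  0       128     *:22                 *:*
EOF
}

# Demo on the sample; on a real controller run: ss -ltn | wildcard_listeners
sample_ss | wildcard_listeners
```

Services bound to a single address, such as 192.168.0.2 or 127.0.0.1 in the sample, are not reported.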

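Installing the compute nodes

1. Update the apt sources; see the earlier section

2. Install NTP; see the earlier section

3. Check whether virtualization is supported

apt-get install -y cpu-checker
kvm-ok

4. Install KVM

apt-get install -y kvm libvirt-bin pm-utils

5. Install the nova-compute, nova-network, nova-api-metadata and related deb packages

apt-get install -y nova-compute-kvm nova-network nova-api-metadata python-guestfs

6. Edit the /etc/nova/nova.conf configuration file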

vim /etc/nova/nova.conf

[DEFAULT]
auth_strategy = keystone
rpc_backend = rabbit
rabbit_host = controller
# Note: the IP address is different on each compute node
my_ip = 192.168.0.4
vnc_enabled = True
# Note: the IP address is different on each compute node
vncserver_listen = 192.168.0.4
# Note: the IP address is different on each compute node
vncserver_proxyclient_address = 192.168.0.4
# Note: replace 8.8.8.8 with your own public IP address
novncproxy_base_url = http://8.8.8.8:6080/vnc_auto.html
glance_host = controller

network_api_class = nova.network.api.API
security_group_api = nova
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
# Note these three settings
flat_network_bridge = br100
flat_interface = eth1
public_interface = eth0

[database]
connection = mysql://nova:root@controller/nova?charset=utf8

[keystone_authtoken]
auth_uri = http://controller:5000
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = root

7. Edit the /etc/nova/nova-compute.conf configuration file

[libvirt]
...
# We are using UOS virtual machines rather than physical servers, so this must be set to qemu
virt_type = qemu

8. Edit the /etc/sysctl.conf file

vim  /etc/sysctl.conf
net.ipv4.ip_forward=1

9. Apply /etc/sysctl.conf

sysctl -p

10. Restart nova-compute/network/api-metadata

service nova-compute restart
service nova-network restart
service nova-api-metadata restart

After a few seconds, check that the nova services are healthy:
service nova-compute status
service nova-network status
service nova-api-metadata status

If there is a problem, check the logs:
vim /var/log/nova/nova-compute.log
vim /var/log/nova/nova-network.log
vim /var/log/nova/nova-api-metadata.log

11. Check the nova services

nova-manage service list

 

Creating fixed IPs for Nova-network

Run the following on one of the compute nodes

nova-manage --config-file /etc/nova/nova.conf network create "private" 10.10.10.0/24 1 256

Logging in to OpenStack Horizon

Visit http://{your public IP}/horizon; the user name and password are admin and root.
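
A check for the lab defaults this guide writes into the service configuration files: the password 'root' reused for admin_token, the service accounts and the database URLs, RabbitMQ's guest account, and MySQL bound to 0.0.0.0. This is an added example, not part of the original guide; the function names, the finding messages and the constructed sample tree are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the original guide: report the lab defaults this
# walkthrough writes (password "root", RabbitMQ guest, MySQL on 0.0.0.0).
# Usage: audit_lab_defaults [ROOT] [WEAK_PASSWORD]; prints one finding per line.
audit_lab_defaults() {
    local root="${1:-}" weak="${2:-root}" f
    for f in "$root"/etc/keystone/keystone.conf "$root"/etc/glance/glance-*.conf \
             "$root"/etc/cinder/cinder.conf "$root"/etc/nova/nova.conf \
             "$root"/etc/mysql/my.cnf; do
        [ -r "$f" ] || continue
        awk -v file="${f#"$root"}" -v weak="$weak" '
            /^[ \t]*[#;]/ { next }                       # skip full-line comments
            /^[ \t]*\[/   { sec = $0; gsub(/[^A-Za-z0-9_]/, "", sec); next }
            {
                eq = index($0, "="); if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
                where = file " [" sec "] " key
                if ((key == "admin_token" || key == "admin_password") && val == weak)
                    print where ": weak shared secret"
                if (key == "rabbit_password" && val == "guest")
                    print where ": default RabbitMQ guest account"
                if (key == "connection" && val ~ ("://[^:/@]+:" weak "@"))
                    print where ": weak database password in URL"
                if (key == "bind-address" && val == "0.0.0.0")
                    print where ": MySQL listens on every interface"
            }' "$f"
    done
}

# Constructed sample tree mirroring settings shown in this guide.
make_sample_tree() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/etc/keystone" "$d/etc/cinder" "$d/etc/mysql"
    printf '%s\n' '[DEFAULT]' 'admin_token=root' '[database]' \
        'connection = mysql://keystone:root@controller/keystone?charset=utf8' \
        > "$d/etc/keystone/keystone.conf"
    printf '%s\n' '[DEFAULT]' 'rabbit_password = guest' '# admin_password = root' \
        '[keystone_authtoken]' 'admin_password = root' > "$d/etc/cinder/cinder.conf"
    printf '%s\n' '[mysqld]' 'bind-address            = 0.0.0.0' > "$d/etc/mysql/my.cnf"
    echo "$d"
}

sample="$(make_sample_tree)"
audit_lab_defaults "$sample"
rm -rf "$sample"
```

On a node built from this guide, call `audit_lab_defaults` with no arguments to read the real files under /etc.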
