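Table of Contents
· 1 Lab environment
· 2 Deployment architecture
· 3 Control node installation
o 3.1 Prerequisites
o 3.2 NTP time service installation
o 3.3 MYSQL database service installation
o 3.4 RABBITMQ message queue service installation
o 3.5 PYTHON-NOVACLIENT library installation
o 3.6 KEYSTONE identity service installation
o 3.7 PYTHON-KEYSTONECLIENT library installation
o 3.8 SWIFT object storage service installation
o 3.9 GLANCE image storage service installation
o 3.10 NOVA compute service installation
o 3.11 HORIZON dashboard installation
o 3.12 NOVNC web access installation
o 3.13 KEYSTONE identity service configuration
o 3.14 GLANCE image storage service configuration
o 3.15 Create the GLANCE service database
o 3.16 NOVA compute service configuration
o 3.17 SWIFT object storage service configuration
o 3.18 HORIZON dashboard configuration
o 3.19 NOVNC web access configuration
· 4 Compute node installation
o 4.1 Prerequisites
o 4.2 NTP time synchronization configuration
o 4.3 PYTHON-NOVACLIENT library installation
o 4.4 GLANCE image storage service installation
o 4.5 NOVA compute service installation
o 4.6 NOVA compute service configuration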
1 Lab environment
· Hardware:
2 virtual machines
· OS:
CentOS 6.2 x64
· OpenStack version:
Essex release (2012.1)
2 Deployment architecture
· Configuration
Virtual machine 2: 192.168.98.129
3.1 Prerequisites
· Import the third-party package repositories
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm (command failed: 404)
rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm (warning: /var/tmp/rpm-tmp.EOkMHk: Header V3 DSA/SHA1 Signature, key ID 6b8d79e6: NOKEY; the package signature could not be checked because the signing key is not imported)
· Install the dependency packages
yum -y install swig libvirt-python libvirt qemu-kvm python-pip gcc make gcc-c++ patch m4 python-devel libxml2-devel libxslt-devel libgsasl-devel openldap-devel sqlite-devel openssl-devel wget telnet gpxe-bootimgs gpxe-roms gpxe-roms-qemu dmidecode git scsi-target-utils kpartx socat vconfig aoetools
rpm -Uvh http://veillard.com/libvirt/6.3/x86_64/dnsmasq-utils-2.48-6.el6.x86_64.rpm (command failed: 404)
ln -sv /usr/bin/pip-python /usr/bin/pip
· Update the kernel
Check the original kernel version with uname -r; it should be:
2.6.32-220.el6.x86_64
yum -y install kernel kernel-devel
init 6
Check the updated kernel version with uname -r; it should be:
2.6.32-220.7.1.el6.x86_64 (kernel-2.6.32-279.14.1.el6.x86_64)
3.2 NTP time service installation
· Install the NTP time synchronization server
yum install -y ntp
· Edit /etc/ntp.conf and replace its contents with the following:
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server ntp.api.bz
server 127.127.1.0
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
· Restart the ntp service
/etc/init.d/ntpd start
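3.3 MYSQL database service installation
· Install the MYSQL database service
yum install -y mysql-server
· Make the MYSQL database service listen on the internal network interface IP
sed -i '/symbolic-links=0/a bind-address = 192.168.1.2' /etc/my.cnf
· Start the MYSQL database service
/etc/init.d/mysqld start
· Set the MYSQL root user password to openstack
mysqladmin -uroot password 'openstack'; history -c
· Check that the service started correctly
Use netstat -ltunp to check that tcp port 3306 is listening
If it did not start correctly, check /var/log/mysqld.log to troubleshoot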
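The listening check above can be scripted so that it also confirms the bind-address change took effect, rather than only that something is listening on the port. This is an added example, not part of the original guide: check_listener and the sample netstat output are constructed for illustration, and 192.168.1.2 is the bind-address set in this section.

```bash
#!/bin/bash
# check_listener PORT EXPECTED_ADDR: reads `netstat -ltn` (or -ltunp) output on stdin.
# Prints "OK addr", "WILDCARD addr" or "UNEXPECTED addr" for each TCP listener on PORT,
# or "MISSING" if there is none. Returns non-zero unless every listener on PORT
# is bound to EXPECTED_ADDR.
check_listener() {
    awk -v port="$1" -v want="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":"); p = part[n]      # the port follows the last colon
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p != port) next
            found = 1
            if (addr == "0.0.0.0" || addr == "::") { print "WILDCARD " addr; bad = 1 }
            else if (addr == want)                 { print "OK " addr }
            else                                   { print "UNEXPECTED " addr; bad = 1 }
        }
        END { if (!found) { print "MISSING"; bad = 1 }; exit bad + 0 }'
}

# Constructed sample of `netstat -ltunp` output on the control node (not captured data).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State    PID/Program name
tcp        0      0 192.168.1.2:3306    0.0.0.0:*           LISTEN   2143/mysqld
tcp        0      0 0.0.0.0:5000        0.0.0.0:*           LISTEN   2790/python
tcp        0      0 0.0.0.0:35357       0.0.0.0:*           LISTEN   2790/python
udp        0      0 192.168.1.2:123     0.0.0.0:*                    1822/ntpd
EOF
}

# MySQL is restricted to the internal address; the wildcard listener is reported.
sample_netstat | check_listener 3306 192.168.1.2
sample_netstat | check_listener 5000 192.168.1.2 || echo "port 5000 is not restricted to 192.168.1.2"
```

On a live node, pipe the real output in: netstat -ltn | check_listener 3306 192.168.1.2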
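3.4 RABBITMQ message queue service installation
· Install the RABBITMQ message queue service
yum -y install rabbitmq-server
· Start the RABBITMQ message queue service
/etc/init.d/rabbitmq-server start
· Change the default password of the RABBITMQ guest user to openstack
rabbitmqctl change_password guest openstack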
3.5 PYTHON-NOVACLIENT library installation
· Download the source package
wget https://launchpad.net/nova/essex/2012.1/+download/python-novaclient-2012.1.tar.gz -P /opt
· Install the dependency packages
yum -y install python-simplejson python-prettytable python-argparse python-nose1.1 python-httplib2 python-virtualenv MySQL-python
· Unpack and install the PYTHON-NOVACLIENT library
cd /opt
tar xf python-novaclient-2012.1.tar.gz
cd python-novaclient-2012.1
python setup.py install
rm -f ../python-novaclient-2012.1.tar.gz
3.6 KEYSTONE identity service installation
· Download the source package
wget https://launchpad.net/keystone/essex/2012.1/+download/keystone-2012.1.tar.gz -P /opt
· Install the dependency packages
yum install -y python-eventlet python-greenlet python-paste python-passlib
pip install routes==1.12.3 lxml==2.3 pam==0.1.4 passlib sqlalchemy-migrate==0.7.2 PasteDeploy==1.5.0 SQLAlchemy==0.7.3 WebOb==1.0.8
· Unpack and install the KEYSTONE identity service
cd /opt
tar xf keystone-2012.1.tar.gz
cd keystone-2012.1
python setup.py install
rm -f ../keystone-2012.1.tar.gz
3.7 PYTHON-KEYSTONECLIENT library installation
· Download the source package
wget https://launchpad.net/keystone/essex/2012.1/+download/python-keystoneclient-2012.1.tar.gz -P /opt
· Unpack and install the PYTHON-KEYSTONECLIENT library
cd /opt
tar xf python-keystoneclient-2012.1.tar.gz
cd python-keystoneclient-2012.1
python setup.py install
rm -f ../python-keystoneclient-2012.1.tar.gz
3.8 SWIFT object storage service installation
· Download the source package
wget https://launchpad.net/swift/essex/1.4.8/+download/swift-1.4.8.tar.gz -P /opt
· Install the dependency packages
pip install configobj==4.7.1 netifaces==0.6
· Unpack and install the SWIFT object storage service
cd /opt
tar xf swift-1.4.8.tar.gz
cd swift-1.4.8
python setup.py install
rm -f ../swift-1.4.8.tar.gz
3.9 GLANCE image storage service installation
· Download the source package
wget https://launchpad.net/glance/essex/2012.1/+download/glance-2012.1.tar.gz -P /opt
· Install the dependency packages
yum install -y python-anyjson python-kombu m2crypto
pip install xattr==0.6.0 iso8601==0.1.4 pysendfile==2.0.0 pycrypto==2.3 wsgiref boto==2.1.1
· Unpack and install the GLANCE image storage service
cd /opt
tar xf glance-2012.1.tar.gz
cd glance-2012.1
python setup.py install
rm -f ../glance-2012.1.tar.gz
3.10 NOVA compute service installation
· Download the source package
wget https://launchpad.net/nova/essex/2012.1/+download/nova-2012.1.tar.gz -P /opt
· Install the dependency packages
yum install -y python-amqplib python-carrot python-lockfile python-gflags python-netaddr python-suds python-paramiko python-feedparser
pip install Cheetah==2.4.4 python-daemon==1.5.5 Babel==0.9.6
· Unpack and install the NOVA compute service
cd /opt
tar xf nova-2012.1.tar.gz
cd nova-2012.1
python setup.py install
rm -f ../nova-2012.1.tar.gz
3.11 HORIZON dashboard installation
· Download the source package
wget https://launchpad.net/horizon/essex/2012.1/+download/horizon-2012.1.tar.gz -P /opt
· Install the dependency packages
yum install -y python-django-nose python-dateutil python-cloudfiles python-django python-django-integration-apache httpd
· Unpack and install the HORIZON dashboard
cd /opt
tar xf horizon-2012.1.tar.gz
cd horizon-2012.1
python setup.py install
rm -f ../horizon-2012.1.tar.gz
3.12 NOVNC web access installation
· Download the source package
git clone https://github.com/cloudbuilders/noVNC.git /opt/noVNC
· Install the dependency packages
yum install -y python-numdisplay
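3.13 KEYSTONE identity service configuration
· Create the KEYSTONE service database
mysql -uroot -popenstack -e 'create database keystone'
· Create the directory for the KEYSTONE service configuration files
mkdir /etc/keystone
· Create the user that runs the KEYSTONE service
useradd -s /sbin/nologin -m -d /var/log/keystone keystone
· In /etc/keystone, create default_catalog.templates as the KEYSTONE service endpoint configuration file, with the following contents: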
catalog.RegionOne.identity.publicURL = http://60.12.206.105:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://60.12.206.105:$(admin_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://60.12.206.105:$(public_port)s/v2.0
catalog.RegionOne.identity.name = Identity Service
catalog.RegionOne.compute.publicURL = http://60.12.206.105:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.adminURL = http://60.12.206.105:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.internalURL = http://60.12.206.105:8774/v2/$(tenant_id)s
catalog.RegionOne.compute.name = Compute Service
catalog.RegionOne.volume.publicURL = http://60.12.206.105:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.adminURL = http://60.12.206.105:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.internalURL = http://60.12.206.105:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = Volume Service
catalog.RegionOne.ec2.publicURL = http://60.12.206.105:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://60.12.206.105:8773/services/Admin
catalog.RegionOne.ec2.internalURL = http://60.12.206.105:8773/services/Cloud
catalog.RegionOne.ec2.name = EC2 Service
catalog.RegionOne.s3.publicURL = http://60.12.206.105:3333
catalog.RegionOne.s3.adminURL = http://60.12.206.105:3333
catalog.RegionOne.s3.internalURL = http://60.12.206.105:3333
catalog.RegionOne.s3.name = S3 Service
catalog.RegionOne.image.publicURL = http://60.12.206.105:9292/v1
catalog.RegionOne.image.adminURL = http://60.12.206.105:9292/v1
catalog.RegionOne.image.internalURL = http://60.12.206.105:9292/v1
catalog.RegionOne.image.name = Image Service
catalog.RegionOne.object_store.publicURL = http://60.12.206.105:8080/v1/AUTH_$(tenant_id)s
catalog.RegionOne.object_store.adminURL = http://60.12.206.105:8080/
catalog.RegionOne.object_store.internalURL = http://60.12.206.105:8080/v1/AUTH_$(tenant_id)s
catalog.RegionOne.object_store.name = Swift Service
· In /etc/keystone, create policy.json as the KEYSTONE service policy file, with the following contents:
{
"admin_required": [["role:admin"], ["is_admin:1"]]
}
· In /etc/keystone, create keystone.conf as the KEYSTONE service configuration file, with the following contents:
[DEFAULT]
public_port = 5000
admin_port = 35357
# admin_token is the shared admin secret; keystone_data.sh passes the same value as SERVICE_TOKEN
admin_token = ADMIN
compute_port = 8774
verbose = True
debug = True
log_file = /var/log/keystone/keystone.log
use_syslog = False
syslog_log_facility = LOG_LOCAL0
[sql]
connection = mysql://root:openstack@localhost/keystone
idle_timeout = 30
min_pool_size = 5
max_pool_size = 10
pool_timeout = 200
[identity]
driver = keystone.identity.backends.sql.Identity
[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
template_file = /etc/keystone/default_catalog.templates
[token]
driver = keystone.token.backends.kvs.Token
[policy]
driver = keystone.policy.backends.simple.SimpleMatch
[ec2]
driver = keystone.contrib.ec2.backends.sql.Ec2
[filter:debug]
paste.filter_factory = keystone.common.wsgi:Debug.factory
[filter:token_auth]
paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
[filter:xml_body]
paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
[filter:json_body]
paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
[filter:crud_extension]
paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
[app:public_service]
paste.app_factory = keystone.service:public_app_factory
[app:admin_service]
paste.app_factory = keystone.service:admin_app_factory
[pipeline:public_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
[app:public_version_service]
paste.app_factory = keystone.service:public_version_app_factory
[app:admin_version_service]
paste.app_factory = keystone.service:admin_version_app_factory
[pipeline:public_version_api]
pipeline = xml_body public_version_service
[pipeline:admin_version_api]
pipeline = xml_body admin_version_service
[composite:main]
use = egg:Paste#urlmap
/v2.0 = public_api
/ = public_version_api
[composite:admin]
use = egg:Paste#urlmap
/v2.0 = admin_api
/ = admin_version_api
· In /etc/init.d/, create the KEYSTONE service startup script named keystone, with the following contents:
#!/bin/sh
#
# keystone  OpenStack Identity Service
#
# chkconfig: - 20 80
# description: keystone works provide apis to \
#              * Authenticate users and provide a token \
#              * Validate tokens
### END INIT INFO
. /etc/rc.d/init.d/functions
prog=keystone
prog_exec=keystone-all
exec="/usr/bin/$prog_exec"
config="/etc/$prog/$prog.conf"
pidfile="/var/run/$prog/$prog.pid"
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
lockfile=/var/lock/subsys/$prog
start() {
    [ -x $exec ] || exit 5
    [ -f $config ] || exit 6
    echo -n $"Starting $prog: "
    daemon --user keystone --pidfile $pidfile "$exec --config-file=$config &>/dev/null & echo \$! > $pidfile"
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
stop() {
    echo -n $"Stopping $prog: "
    killproc -p $pidfile $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
restart() {
    stop
    start
}
reload() {
    restart
}
force_reload() {
    restart
}
rh_status() {
    status -p $pidfile $prog
}
rh_status_q() {
    rh_status >/dev/null 2>&1
}
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
esac
exit $?
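· Configure the startup script:
chmod 755 /etc/init.d/keystone
mkdir /var/run/keystone
mkdir /var/lock/keystone
chown keystone:root /var/run/keystone
chown keystone:root /var/lock/keystone
· Start the KEYSTONE service
/etc/init.d/keystone start
· Check that the service started correctly
Use netstat -ltunp to check that tcp ports 5000 and 35357 are listening
If it did not start correctly, check /var/log/keystone/keystone.log to troubleshoot
· Create the KEYSTONE service data initialization script keystone_data.sh, with the following contents: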
#!/bin/bash
# Variables set before calling this script:
# SERVICE_TOKEN - aka admin_token in keystone.conf
# SERVICE_ENDPOINT - local Keystone admin endpoint
# SERVICE_TENANT_NAME - name of tenant containing service accounts
# ENABLED_SERVICES - stack.sh's list of services to start
# DEVSTACK_DIR - Top-level DevStack directory
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-service}
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT=http://localhost:35357/v2.0
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-tenant}
function get_id () {
    echo `$@ | awk '/ id / { print $4 }'`
}
# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
    --pass="$ADMIN_PASSWORD" \
    --email=admin@example.com)
DEMO_USER=$(get_id keystone user-create --name=demo \
    --pass="$ADMIN_PASSWORD" \
    --email=demo@example.com)
# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
# Add Roles to Users in Tenants
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT
# TODO(termie): these two might be dubious
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
# The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
NOVA_USER=$(get_id keystone user-create --name=nova \
    --pass="$SERVICE_PASSWORD" \
    --tenant_id $SERVICE_TENANT \
    --email=nova@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
    --user $NOVA_USER \
    --role $ADMIN_ROLE
GLANCE_USER=$(get_id keystone user-create --name=glance \
    --pass="$SERVICE_PASSWORD" \
    --tenant_id $SERVICE_TENANT \
    --email=glance@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
    --user $GLANCE_USER \
    --role $ADMIN_ROLE
SWIFT_USER=$(get_id keystone user-create --name=swift \
    --pass="$SERVICE_PASSWORD" \
    --tenant_id $SERVICE_TENANT \
    --email=swift@example.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
    --user $SWIFT_USER \
    --role $ADMIN_ROLE
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone user-role-add --tenant_id $SERVICE_TENANT \
    --user $NOVA_USER \
    --role $RESELLER_ROLE
· Create the KEYSTONE service database schema
keystone-manage db_sync
· Run the data initialization script
bash keystone_data.sh
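The keystone.conf in this section sets admin_token to ADMIN, turns on debug, and connects to MySQL as root. The added example below (not part of the original guide) audits a keystone.conf for those settings before the service is exposed beyond the lab; the function names, the list of guessable token values and the world-readable check are assumptions of this example.

```bash
#!/bin/bash
# ini_get FILE SECTION KEY: print the value of KEY in [SECTION]; spaces around "=" are ignored.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_keystone_conf FILE: print one line per finding; return non-zero if any were found.
audit_keystone_conf() {
    conf=$1; findings=0
    case "$(ini_get "$conf" DEFAULT admin_token)" in
        ""|ADMIN|admin|password|secret|changeme)   # example list of guessable values
            echo "admin_token: unset or guessable value"; findings=$((findings + 1)) ;;
    esac
    case "$(ini_get "$conf" DEFAULT debug)" in
        [Tt]rue) echo "debug: debug logging is enabled"; findings=$((findings + 1)) ;;
    esac
    conn=$(ini_get "$conf" sql connection)
    user=${conn#*://}; user=${user%%[:@]*}         # account name from scheme://user:pass@host/db
    if [ "$user" = root ]; then
        echo "sql.connection: connects as the MySQL root account"; findings=$((findings + 1))
    fi
    # Character 8 of the ls -l mode string is the "others read" bit.
    if [ "$(ls -ld "$conf" | cut -c8)" = r ]; then
        echo "permissions: file holding credentials is world-readable"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: only the keystone.conf lines from this guide that the audit reads.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
admin_token= ADMIN
debug =True
[sql]
connection= mysql://root:openstack@localhost/keystone
EOF
}

sample=$(mktemp) && write_sample_conf "$sample"
audit_keystone_conf "$sample" || echo "keystone.conf needs hardening"
rm -f "$sample"
```

Run it against the real file with: audit_keystone_conf /etc/keystone/keystone.conf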
3.14 GLANCE image storage service configuration
3.15 Create the GLANCE service database
mysql -uroot -popenstac