OpenStack安装步骤（图解）【1】

本文使用两台服务器搭建OpenStack，服务器均预装Ubuntu Server 12.04，共安装OpenStack的子项目keystone, glance及nova。搭建的基本架构图如下：

1.      更新Ubuntu，两台服务器都需要。

Sudo apt-get update

Sudo apt-get upgrade

2.      Ntp服务，多节点同步

Controller节点：

$ sudo apt-get install -y ntp

# sed -i 's/server ntp.ubuntu.com/serverntp.ubuntu.com\nserver 127.127.1.0\

nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf

# service ntp restart

Compute节点:

$ sudo apt-get install -y ntp

ntpdate 'controllernode ip'

hwclock –w

Controller节点keystone安装部分：

1.      安装keystone

# apt-get install keystone

# rm /var/lib/keystone/keystone.db

2.      安装MySQL

apt-get install python-mysqldb mysql-server

# sed -i 's/127.0.0.1/0.0.0.0/g'/etc/mysql/my.cnf

# service mysql restart

$ mysql -u root –p（密码：passwd）

mysql> CREATE DATABASE keystone;

mysql> GRANT ALL ON keystone.* TO 'keystone'@'%'IDENTIFIED BY

'[YOUR_KEYSTONE_PASSWORD]';（keystone密码：passwd）

mysql> quit

 

3.      changethe line defining "connection" in /etc/keystone/keystone.conflike so:

connection = mysql://keystone:passwd@192.168.3.6/

keystone

admin_token = SECRET1234567890

 

4.      重启keystone，同步

# sudo service keystone restart

# keystone-manage db_sync

数据库中会有更新后的内容

 

Setting up tenants, users,and roles

1.        $git clonehttps://github.com/nimbis/keystone-init.git由于网络原因，没有git成功

增加Default Tenant：openstackDemo

2.       keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 tenant-create --name openstackDemo --description"Default Tenant" --enabled true

增加default user：adminUser

3.       keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-create --tenant_id516c51ea92474295844aa98c3994ba59 --name adminUser --pass secretword --enabledtrue

 

增加default role：admin和memberRole

4.       keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 role-create --name admin

5.       keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 role-create --name memberRole

 Grant the adminrole to the adminUser user in theopenstackDemo tenant with “userrole-add”.

6.      keystone --tokenSECRET1234567890 --endpoint http://192.168.3.6:35357/v2.0 user-role-add --user82253661a9724a6c8ed3da5b83ba9f00 --tenant_id 516c51ea92474295844aa98c3994ba59--role 51bbb02c1c4f4252bede1e11a33ab2f9

 

Create a Service Tenant. Thistenant contains all the services that we make known to the service catalog.

7.       keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 tenant-create --name service --description"Service Tenant" --enabled true

Create a Glance Service Userin the Service Tenant

8.       keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-create --tenant_ideb3f17d8ef5a45e19a894be697a15a65 --name glance --pass glance --enabled true

Grant the admin role to the glance user in the service tenant

9.       keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-role-add --userd40eb0656e0640eeba2cf2af5ceb6241 --tenant_id eb3f17d8ef5a45e19a894be697a15a65--role 51bbb02c1c4f4252bede1e11a33ab2f9

 

Create a Nova Service User inthe Service Tenant

10.   keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-create --tenant_ideb3f17d8ef5a45e19a894be697a15a65 --name nova --pass nova --enabled true

Grant the admin role to the nova user in the service tenant

11.   keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-role-add --user693d1005c2374ee9bcb2f2f52624caff --tenant_id eb3f17d8ef5a45e19a894be697a15a65--role 51bbb02c1c4f4252bede1e11a33ab2f9

 

Create an Object Storage ServiceUser in the Service Tenant.

12.  keystone --tokenSECRET1234567890 --endpoint http://192.168.3.6:35357/v2.0 user-create--tenant_id eb3f17d8ef5a45e19a894be697a15a65 --name swift --pass swiftpass--enabled true

Grant the admin role to the swift user in the service tenant

13.   keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-role-add --user4c22054357c942468800b46798f6a2f0 --tenant_id eb3f17d8ef5a45e19a894be697a15a65--role 51bbb02c1c4f4252bede1e11a33ab2f9

 

Create an EC2 Service User inthe Service Tenant.

14.   keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-create --tenant_ideb3f17d8ef5a45e19a894be697a15a65 --name ec2 --pass ec2 --enabled true

Grant the admin role to the ec2 user in the service tenant.

15.   keystone --token SECRET1234567890 --endpointhttp://192.168.3.6:35357/v2.0 user-role-add --user17210309cfc644b5af86e596325baad4 --tenant_id eb3f17d8ef5a45e19a894be697a15a65--role 51bbb02c1c4f4252bede1e11a33ab2f9

 

Enable keystone

对S3的支持

In order to enable the compatibility for Swift with theS3 API within Keystone, make sure to

definea new filter and enable it. In the keystone.conf file :

1.   Define the filter:

[filter:s3_extension]

paste.filter_factory =keystone.contrib.s3:S3Extension.factory

 

2.   Enable it by add “s3_extension”to the “admin_api” pipeline.

[pipeline:admin_api]

pipeline = token_auth admin_token_auth xml_bodyjson_body debug

ec2_extension s3_extension crud_extensionadmin_service

Creating keystone servicesand service endpoints

1.      Define the identity service:

2.      Define the Compute service:

3.      Define the Volume service:

4.      Define the Image service:

5.      Define the EC2 compatibilityservice:

6.      Define the Object Storageservice:

验证keystone

添加环境变量，为了方便期间，添加文件keystonerc，内容：

export ADMIN_TOKEN=SECRET1234567890

export OS_USERNAME=adminUser

export OS_PASSWORD=secretword

export OS_TENANT_NAME=openstackDemo

exportOS_AUTH_URL=http://127.0.0.1:5000/v2.0/

运行source keystonerc