copyright by ZhangLongXing
2. Controller Node
2.1. Preparing Ubuntu
· After you install Ubuntu 12.04 or 13.04 Server 64-bit, go into sudo mode and don't leave it until the end of this guide:
sudo su
· Add Grizzly repositories [Only for Ubuntu 12.04]:
apt-get install -y ubuntu-cloud-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
· Update your system:
apt-get update -y
apt-get upgrade -y
apt-get dist-upgrade -y
2.2. Networking
· Only one NIC should have internet access:
#For Exposing OpenStack API over the internet
auto eth1
iface eth1 inet static
address 10.10.10.6
netmask 255.255.255.0
gateway 10.10.10.1
dns-nameservers 8.8.8.8

#Not internet connected(used for OpenStack management)
auto eth0
iface eth0 inet static
address 192.168.100.6
netmask 255.255.255.0
· Restart the networking service:
service networking restart
2.3. MySQL & RabbitMQ
· Install MySQL:
apt-get install -y mysql-server python-mysqldb
· Configure mysql to accept all incoming requests:
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
mysql -uroot -ppassword
grant all privileges on *.* to root@"%" identified by "password" with grant option;
FLUSH PRIVILEGES;
use mysql;
delete from user where user="";
quit;
service mysql restart
· Create these databases:
mysql -uroot -ppassword
#Keystone
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
#Glance
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
#Quantum
CREATE DATABASE quantum;
GRANT ALL ON quantum.* TO 'quantumUser'@'%' IDENTIFIED BY 'quantumPass';
#Nova
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
#Cinder
CREATE DATABASE cinder;
GRANT ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass';
quit;
2.4. RabbitMQ
· Install RabbitMQ:
apt-get install -y rabbitmq-server
· Install NTP service:
apt-get install -y ntp
2.5. Others
· Install other services:
apt-get install -y vlan bridge-utils
· Enable IP_Forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from rebooting, perform the following
sysctl net.ipv4.ip_forward=1
2.6. Keystone
· Start with the keystone packages:
apt-get install -y keystone
· Adapt the connection attribute in /etc/keystone/keystone.conf to the new database:
connection = mysql://keystoneUser:keystonePass@192.168.100.6/keystone
· Restart the identity service then synchronize the database:
service keystone restart
keystone-manage db_sync
· Fill up the keystone database using the two scripts available in the Scripts folder of this git repository:
#Modify the HOST_IP and EXT_HOST_IP variables before executing the scripts
wget https://raw.github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/OVS_MultiNode/KeystoneScripts/keystone_basic.sh
wget https://raw.github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/OVS_MultiNode/KeystoneScripts/keystone_endpoints_basic.sh
chmod +x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
./keystone_basic.sh
./keystone_endpoints_basic.sh
· Create a simple credential file and load it so you won't be bothered later:
vim creds
#Paste the following:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_AUTH_URL="http://10.10.10.6:5000/v2.0/"
# Load it:
source creds
· To test Keystone, we use a simple CLI command:
keystone user-list
2.7. Glance
· We now move to the Glance installation:
apt-get install -y glance
· Update /etc/glance/glance-api-paste.ini with:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
· Update the /etc/glance/glance-registry-paste.ini with:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
· Update /etc/glance/glance-api.conf with:
sql_connection = mysql://glanceUser:glancePass@192.168.100.6/glance
· And:
[paste_deploy]
flavor = keystone
· Update the /etc/glance/glance-registry.conf with:
sql_connection = mysql://glanceUser:glancePass@192.168.100.6/glance
· And:
[paste_deploy]
flavor = keystone
· Restart the glance-api and glance-registry services:
service glance-api restart; service glance-registry restart
· Synchronize the glance database:
glance-manage db_sync
· To test Glance, upload the cirros cloud image directly from the internet:
glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
· Now list the image to see what you have just uploaded:
glance image-list
2.8. Quantum
· Install the Quantum server and the OpenVSwitch package collection:
apt-get install -y quantum-server
· Edit the OVS plugin configuration file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@192.168.100.6/quantum

#Under the OVS section
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True

#Firewall driver for realizing quantum security group function
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
· Edit /etc/quantum/api-paste.ini:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
· Update the /etc/quantum/quantum.conf:
[keystone_authtoken]
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
· Restart the quantum server:
service quantum-server restart
2.9. Nova
· Start by installing nova components:
apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor
· Now modify the authtoken section in the /etc/nova/api-paste.ini file to this:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
· Modify the /etc/nova/nova.conf like this:
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=192.168.100.6
nova_url=http://192.168.100.6:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@192.168.100.6/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf

# Auth
use_deprecated_auth=false
auth_strategy=keystone

# Imaging service
glance_api_servers=192.168.100.6:9292
image_service=nova.image.glance.GlanceImageService

# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://10.10.10.6:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=192.168.100.6
vncserver_listen=0.0.0.0

# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://192.168.100.6:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://192.168.100.6:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver

#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack

# Compute #
compute_driver=libvirt.LibvirtDriver

# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
· Synchronize your database:
nova-manage db sync
· Restart nova-* services:
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
· Check for the smiling faces on nova-* services to confirm your installation:
nova-manage service list
2.10. Cinder
· Install the required packages:
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms
· Configure the iscsi services:
sed -i 's/false/true/g' /etc/default/iscsitarget
· Restart the services:
service iscsitarget start
service open-iscsi start
· Configure /etc/cinder/api-paste.ini like the following:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_protocol = http
service_host = 10.10.10.6
service_port = 5000
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = service_pass
signing_dir = /var/lib/cinder
· Edit the /etc/cinder/cinder.conf to:
[DEFAULT]
rootwrap_config=/etc/cinder/rootwrap.conf
sql_connection = mysql://cinderUser:cinderPass@192.168.100.6/cinder
api_paste_config = /etc/cinder/api-paste.ini
iscsi_helper=ietadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
iscsi_ip_address=192.168.100.6
· Then, synchronize your database:
cinder-manage db sync
· Finally, don't forget to create a volume group and name it cinder-volumes:
dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=2G
losetup /dev/loop2 cinder-volumes
fdisk /dev/loop2
#Type in the following:
n
p
1
ENTER
ENTER
t
8e
w
· Proceed to create the physical volume then the volume group:
pvcreate /dev/loop2
vgcreate cinder-volumes /dev/loop2
Note: Beware that this volume group gets lost after a system reboot.
· Restart the cinder services:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done
· Verify that the cinder services are running:
cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; done
2.11. Horizon
· To install horizon, proceed like this:
apt-get install -y openstack-dashboard memcached
· If you don't like the OpenStack ubuntu theme, you can remove the package to disable it:
dpkg --purge openstack-dashboard-ubuntu-theme
· Reload Apache and memcached:
service apache2 restart; service memcached restart
3. Network Node
3.1. Preparing the Node
· After you install Ubuntu 12.04 or 13.04 Server 64-bit, go into sudo mode:
sudo su
· Add Grizzly repositories [Only for Ubuntu 12.04]:
apt-get install -y ubuntu-cloud-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
· Update your system:
apt-get update -y
apt-get upgrade -y
apt-get dist-upgrade -y
· Install ntp service:
apt-get install -y ntp
· Configure the NTP server to follow the controller node:
#Comment the ubuntu NTP servers
sed -i 's/server 0.ubuntu.pool.ntp.org/#server 0.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 1.ubuntu.pool.ntp.org/#server 1.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 2.ubuntu.pool.ntp.org/#server 2.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 3.ubuntu.pool.ntp.org/#server 3.ubuntu.pool.ntp.org/g' /etc/ntp.conf
#Set the network node to follow up your controller node
sed -i 's/server ntp.ubuntu.com/server 192.168.100.6/g' /etc/ntp.conf
service ntp restart
· Install other services:
apt-get install -y vlan bridge-utils
· Enable IP_Forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from rebooting, perform the following
sysctl net.ipv4.ip_forward=1
3.2. Networking
· 3 NICs must be present:
# OpenStack management
auto eth0
iface eth0 inet static
address 192.168.100.11
netmask 255.255.255.0

# VM Configuration
auto p51p1
iface p51p1 inet static
address 192.168.200.11
netmask 255.255.255.0

# VM internet Access
auto p51p2
iface p51p2 inet static
address 10.10.10.11
netmask 255.255.255.0
gateway 10.10.10.1
dns-nameservers 8.8.8.8
3.4. OpenVSwitch (Part1)
· Install the openVSwitch:
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
· Create the bridges:
#br-int will be used for VM integration
ovs-vsctl add-br br-int
#br-ex is used to make the VM accessible from the internet
ovs-vsctl add-br br-ex
3.5. Quantum
· Install the Quantum openvswitch agent, l3 agent and dhcp agent:
apt-get -y install quantum-plugin-openvswitch-agent quantum-dhcp-agent quantum-l3-agent quantum-metadata-agent
· Edit /etc/quantum/api-paste.ini:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
· Edit the OVS plugin configuration file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@192.168.100.6/quantum

#Under the OVS section
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.200.11
enable_tunneling = True

#Firewall driver for realizing quantum security group function
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
· Update /etc/quantum/metadata_agent.ini:
# The Quantum user information for accessing the Quantum API.
auth_url = http://192.168.100.6:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass

# IP address used by Nova metadata server
nova_metadata_ip = 192.168.100.6

# TCP Port used by Nova metadata server
nova_metadata_port = 8775

metadata_proxy_shared_secret = helloOpenStack
· Make sure that your rabbitMQ IP in /etc/quantum/quantum.conf is set to the controller node:
rabbit_host = 192.168.100.6

#And update the keystone_authtoken section
[keystone_authtoken]
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
· Edit /etc/sudoers to give the quantum user full access like this (this is unfortunately mandatory):
sudo visudo
#Modify the quantum user
quantum ALL=NOPASSWD: ALL
· Restart all the services:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
3.4. OpenVSwitch (Part2)
· Edit the eth2 in /etc/network/interfaces to become like this:
# VM internet Access
auto p51p2
iface p51p2 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
address 10.10.10.11
netmask 255.255.255.0
gateway 10.10.10.1
dns-nameservers 8.8.8.8
· Add the eth2 to the br-ex:
#Internet connectivity will be lost after this step but this won't affect OpenStack's work
ovs-vsctl add-port br-ex p51p2
#If you want to get internet connection back, you can assign the eth2's IP address to the br-ex in the /etc/network/interfaces file.
4. Compute Node
4.1. Preparing the Node
· After you install Ubuntu 12.04 or 13.04 Server 64-bit, go into sudo mode:
sudo su
· Add Grizzly repositories [Only for Ubuntu 12.04]:
apt-get install -y ubuntu-cloud-keyring
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/grizzly.list
· Update your system:
apt-get update -y
apt-get upgrade -y
apt-get dist-upgrade -y
· Install ntp service:
apt-get install -y ntp
· Configure the NTP server to follow the controller node:
#Comment the ubuntu NTP servers
sed -i 's/server 0.ubuntu.pool.ntp.org/#server 0.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 1.ubuntu.pool.ntp.org/#server 1.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 2.ubuntu.pool.ntp.org/#server 2.ubuntu.pool.ntp.org/g' /etc/ntp.conf
sed -i 's/server 3.ubuntu.pool.ntp.org/#server 3.ubuntu.pool.ntp.org/g' /etc/ntp.conf
#Set the compute node to follow up your controller node
sed -i 's/server ntp.ubuntu.com/server 192.168.100.6/g' /etc/ntp.conf
service ntp restart
· Install other services:
apt-get install -y vlan bridge-utils
· Enable IP_Forwarding:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# To save you from rebooting, perform the following
sysctl net.ipv4.ip_forward=1
4.2. Networking
· Perform the following:
# OpenStack management
auto eth0
auto eth0:0
auto eth0:1
iface eth0:0 inet static
address 10.10.10.7
netmask 255.255.255.0
network 10.10.10.0
broadcast 10.10.10.255
gateway 10.10.10.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8
dns-search ourfuture.cn
iface eth0:1 inet static
address 192.168.100.7
netmask 255.255.255.0

# VM Configuration
auto eth1
iface eth1 inet static
address 192.168.200.7
netmask 255.255.255.0
4.3 KVM
· Make sure that your hardware enables virtualization:
apt-get install -y cpu-checker
kvm-ok
· Normally you would get a good response. Now, move to install kvm and configure it:
apt-get install -y kvm libvirt-bin pm-utils
· Edit the cgroup_device_acl array in the /etc/libvirt/qemu.conf file to:
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun"
]
· Delete the default virtual bridge:
virsh net-destroy default
virsh net-undefine default
· Enable live migration by updating the /etc/libvirt/libvirtd.conf file:
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
· Edit the libvirtd_opts variable in the /etc/init/libvirt-bin.conf file:
env libvirtd_opts="-d -l"
· Edit the /etc/default/libvirt-bin file:
libvirtd_opts="-d -l"
· Restart the libvirt service to load the new values:
service libvirt-bin restart
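The libvirtd.conf values above turn on plain TCP (listen_tcp = 1) with auth_tcp = "none", so any host that can reach the compute node's libvirt port can manage its guests without credentials. The following check is an added example, not part of the original guide: it classifies that combination from the two files edited above. The helper names conf_get and libvirt_tcp_exposure and the sample files are constructed here, and the sasl default assumes a SASL-enabled libvirt build.

```shell
#!/bin/sh
# Added example (not from the guide): classify libvirtd's remote TCP exposure.
# conf_get and libvirt_tcp_exposure are helper names made up for this example.

# conf_get FILE KEY DEFAULT: last uncommented "KEY = value" in FILE, unquoted.
conf_get() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                       # whole-line comments
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*#.*$/, "", v)              # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            if (k == key) { val = v; seen = 1 }
        }
        END { print (seen ? val : def) }
    ' "$1"
}

# libvirt_tcp_exposure LIBVIRTD_CONF [DEFAULTS_FILE]
# Prints tcp-off, tcp-unauthenticated or tcp-auth-<mechanism>.
libvirt_tcp_exposure() {
    if [ -n "$2" ]; then
        # The TCP socket is only opened when libvirtd runs with -l/--listen.
        opts=$(conf_get "$2" libvirtd_opts "-d")
        case " $opts " in
            *" -l "*|*" --listen "*) ;;
            *) echo "tcp-off"; return 0 ;;
        esac
    fi
    if [ "$(conf_get "$1" listen_tcp 0)" != "1" ]; then
        echo "tcp-off"
    else
        # Assumption: SASL-enabled build, where an unset auth_tcp means sasl.
        auth=$(conf_get "$1" auth_tcp sasl)
        if [ "$auth" = "none" ]; then
            echo "tcp-unauthenticated"
        else
            echo "tcp-auth-$auth"
        fi
    fi
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample: the three settings this guide writes.
    printf '%s\n' 'listen_tls = 0' 'listen_tcp = 1' 'auth_tcp = "none"' > "$dir/guide.conf"
    printf '%s\n' 'libvirtd_opts="-d -l"' > "$dir/libvirt-bin"
    # Constructed sample: TCP kept for migration but behind SASL.
    printf '%s\n' 'listen_tls = 0' 'listen_tcp = 1' 'auth_tcp = "sasl"' > "$dir/sasl.conf"
    echo "guide settings: $(libvirt_tcp_exposure "$dir/guide.conf" "$dir/libvirt-bin")"
    echo "with SASL:      $(libvirt_tcp_exposure "$dir/sasl.conf" "$dir/libvirt-bin")"
    rm -rf "$dir"
}
demo
```

On a real compute node, run it as libvirt_tcp_exposure /etc/libvirt/libvirtd.conf /etc/default/libvirt-bin; a result of tcp-unauthenticated means the port should at least be reachable only from the management network.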
4.4. OpenVSwitch
· Install the openVSwitch:
apt-get install -y openvswitch-switch openvswitch-datapath-dkms
· Create the bridges:
#br-int will be used for VM integration
ovs-vsctl add-br br-int
4.5. Quantum
· Install the Quantum openvswitch agent:
apt-get -y install quantum-plugin-openvswitch-agent
· Edit the OVS plugin configuration file /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini with:
#Under the database section
[DATABASE]
sql_connection = mysql://quantumUser:quantumPass@192.168.100.6/quantum

#Under the OVS section
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.200.7
enable_tunneling = True

#Firewall driver for realizing quantum security group function
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
· Make sure that your rabbitMQ IP in /etc/quantum/quantum.conf is set to the controller node:
rabbit_host = 192.168.100.6

#And update the keystone_authtoken section
[keystone_authtoken]
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = service_pass
signing_dir = /var/lib/quantum/keystone-signing
· Restart all the services:
service quantum-plugin-openvswitch-agent restart
4.6. Nova
· Install nova's required components for the compute node:
apt-get install -y nova-compute-kvm
· Now modify the authtoken section in the /etc/nova/api-paste.ini file to this:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = 192.168.100.6
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = service_pass
signing_dirname = /tmp/keystone-signing-nova
# Workaround for https://bugs.launchpad.net/nova/+bug/1154809
auth_version = v2.0
· Edit the /etc/nova/nova-compute.conf file:
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
· Modify the /etc/nova/nova.conf like this:
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=True
api_paste_config=/etc/nova/api-paste.ini
compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
rabbit_host=192.168.100.6
nova_url=http://192.168.100.6:8774/v1.1/
sql_connection=mysql://novaUser:novaPass@192.168.100.6/nova
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf

# Auth
use_deprecated_auth=false
auth_strategy=keystone

# Imaging service
glance_api_servers=192.168.100.6:9292
image_service=nova.image.glance.GlanceImageService

# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://10.10.10.6:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=192.168.100.7
vncserver_listen=0.0.0.0

# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://192.168.100.6:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=service_pass
quantum_admin_auth_url=http://192.168.100.6:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
#If you want Quantum + Nova Security groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver

#Metadata
service_quantum_metadata_proxy = True
quantum_metadata_proxy_shared_secret = helloOpenStack

# Compute #
compute_driver=libvirt.LibvirtDriver

# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
cinder_catalog_info=volume:cinder:internalURL
· Restart nova-* services:
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
· Check for the smiling faces on nova-* services to confirm your installation:
nova-manage service list
5. Your first VM
To start your first VM, we first need to create a new tenant, user and internal network.
5.1 tenant and user
5.1.1 new tenant
· Create a new tenant:
keystone tenant-create --name project_one
5.1.2 new user
· Create a new user and assign the member role to it in the new tenant (keystone role-list to get the appropriate id):
keystone user-create --name=user_one --pass=user_one --tenant-id $put_id_of_project_one --email=user_one@domain.com
keystone user-role-add --tenant-id $put_id_of_project_one --user-id $put_id_of_user_one --role-id $put_id_of_member_role
5.2 fixed ip
5.2.1 net
· Create a new network for the tenant:
quantum net-create --tenant-id $put_id_of_project_one net_proj_one
5.2.2 subnet
· Create a new subnet inside the new tenant network:
quantum subnet-create --tenant-id $put_id_of_project_one net_proj_one 50.50.1.0/24
5.2.3 router
· Create a router for the new tenant:
quantum router-create --tenant-id $put_id_of_project_one router_proj_one
· Add the router to the running l3 agent (if it wasn't automatically added):
quantum agent-list    # to get the l3 agent ID
quantum l3-agent-router-add $l3_agent_ID router_proj_one
· Add the router to the subnet:
quantum router-interface-add $put_router_proj_one_id_here $put_subnet_id_here
· Restart all quantum services:
cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done
5.3 external network
5.3.1 net
· Create an external network with the tenant id belonging to the admin tenant (keystone tenant-list to get the appropriate id):
quantum net-create --tenant-id $put_id_of_admin_tenant ext_net --router:external=True
5.3.2 subnet
· Create a subnet for the floating ips:
quantum subnet-create --tenant-id $put_id_of_admin_tenant --allocation-pool start=10.10.10.102,end=10.10.10.126 --gateway 10.10.10.1 ext_net 10.10.10.100/24 --enable_dhcp=False
5.3.3 set router’s gateway
· Set your router's gateway to the external network:
quantum router-gateway-set $put_router_proj_one_id_here $put_id_of_ext_net_here
· Source creds relative to your project one tenant now:
vim creds_proj_one
#Paste the following:
export OS_TENANT_NAME=project_one
export OS_USERNAME=user_one
export OS_PASSWORD=user_one
export OS_AUTH_URL="http://10.10.10.6:5000/v2.0/"
source creds_proj_one
5.4 security rules
· Add these security rules to make your VMs pingable:
nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0
5.5 floating ip create
· Start by allocating a floating ip to the project one tenant:
quantum floatingip-create ext_net
· Start a VM:
nova --no-cache boot --image $id_myFirstImage --flavor 1 my_first_vm
· Pick the id of the port corresponding to your VM:
quantum port-list
· Associate the floating IP to your VM:
quantum floatingip-associate $put_id_floating_ip $put_id_vm_port
That's it! Ping your VM and enjoy your OpenStack.
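For the final part of this article, the networks can also be created from the OpenStack web interface, and images can be uploaded through the web interface as well.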
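Every CLI step in section 5 needs an ID printed by an earlier command ($put_id_of_project_one, $put_id_of_member_role and so on). The helpers below are an added example, not part of the original guide: they read the ASCII tables the keystone and quantum clients print and return the wanted ID, so the values do not have to be copied by hand. The names prop_value and id_by_name, the sample tables and the IDs in them are constructed here.

```shell
#!/bin/sh
# Added example (not from the guide): pull IDs out of keystone/quantum tables.
# prop_value and id_by_name are helper names made up for this example.

# prop_value ROW: read a two-column "Property | Value" table on stdin and
# print the value cell of the row named ROW; exit status 1 if absent.
prop_value() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 4 && trim($2) == want { print trim($3); found = 1; exit }
        END { exit !found }'
}

# id_by_name NAME: read a listing table on stdin whose header row has "id"
# and "name" columns; print the id of the row whose name is exactly NAME.
id_by_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 3 { next }                      # +----+ border lines have no cells
        !idcol {                             # first cell row is the header
            for (i = 2; i < NF; i++) {
                if (trim($i) == "id")   idcol = i
                if (trim($i) == "name") namecol = i
            }
            next
        }
        namecol && trim($namecol) == want { print trim($idcol); found = 1; exit }
        END { exit !found }'
}

# Constructed sample of "keystone tenant-create --name project_one" output.
SAMPLE_CREATE='+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 11111111111111111111111111111111 |
|     name    |           project_one            |
+-------------+----------------------------------+'

# Constructed sample of "keystone role-list" output (role names are examples).
SAMPLE_ROLES='+----------------------------------+--------+
|                id                |  name  |
+----------------------------------+--------+
| aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa | admin  |
| bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb | Member |
+----------------------------------+--------+'

echo "tenant id: $(printf '%s\n' "$SAMPLE_CREATE" | prop_value id)"
echo "role id:   $(printf '%s\n' "$SAMPLE_ROLES" | id_by_name Member)"

# On the controller the same helpers chain the steps of section 5, e.g.:
#   TENANT_ID=$(keystone tenant-create --name project_one | prop_value id)
#   ROLE_ID=$(keystone role-list | id_by_name "$ROLE_NAME")   # name as listed
#   keystone user-role-add --tenant-id "$TENANT_ID" --user-id "$USER_ID" --role-id "$ROLE_ID"
```

Both helpers return a non-zero status when the row is missing, so a script can stop instead of passing an empty ID to the next command.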