F版本OpenStack 完全安装
下载最新版ubuntu:12.04 LTS x86_64
先决条件
一台服务器有两个网卡
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 10.211.55.17
netmask 255.255.255.0
gateway 10.211.55.1

# This is an autoconfigured IPv6 interface
iface eth0 inet6 auto

auto eth1
iface eth1 inet static
address 10.211.55.20
netmask 255.255.255.0
gateway 10.211.55.1
$ sudo /etc/init.d/networking restart
下载并安装 Ubuntu 12.04 LTS（Precise）x86_64
以 root 身份添加下列 Ubuntu 软件源：
# echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main >> /etc/apt/sources.list.d/folsom.list
# apt-get install ubuntu-cloud-keyring
# apt-get update
# apt-get upgrade
安装所需的软件包
$ sudo apt-get install vlan bridge-utils ntp mysql-server python-mysqldb
启用 IP 转发（ip_forward）。
$ sudo vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
更新配置
$ sudo sysctl -p
编辑 /etc/ntp.conf
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # Specify one or more NTP servers. # Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board # on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for # more information. server 0.ubuntu.pool.ntp.org server 1.ubuntu.pool.ntp.org server 2.ubuntu.pool.ntp.org server 3.ubuntu.pool.ntp.org # Use Ubuntu's ntp server as a fallback. server ntp.ubuntu.com iburst server 127.127.1.0 fudge 127.127.1.0 stratum 10 # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> # might also be helpful. # # Note that "restrict" applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient
$ sudo service ntp restart
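编辑 /etc/mysql/my.cnf，让 MySQL 监听所有网卡。注意：设为 0.0.0.0 后，3306 端口在本机所有接口上都可访问；实际部署时应改为管理网络的地址（本文为 10.211.55.17），或用防火墙只放行各 OpenStack 节点。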
bind-address = 0.0.0.0
重启 mysql server.
$ sudo service mysql restart
为所有服务创建数据库
$ mysql -u root -proot -e "create database nova;"
$ mysql -u root -proot -e "create database glance;"
$ mysql -u root -proot -e "create database cinder;"
$ mysql -u root -proot -e "create database keystone;"
$ mysql -u root -proot -e "create database ovs_quantum;"
（-proot 表示 root 的口令是 root，仅为示例。写在命令行上的口令会留在 shell 历史和进程列表中，实际环境建议只写 -p，由客户端交互式询问口令。）
为创建的数据库授予 MySQL 权限
mysql > grant all privileges on nova.* to nova@"localhost" identified by "openstack";
mysql > grant all privileges on nova.* to nova@"%" identified by "openstack";
mysql > grant all privileges on glance.* to glance@"localhost" identified by "openstack";
mysql > grant all privileges on glance.* to glance@"%" identified by "openstack";
mysql > grant all privileges on cinder.* to cinder@"localhost" identified by "openstack";
mysql > grant all privileges on cinder.* to cinder@"%" identified by "openstack";
mysql > grant all privileges on keystone.* to keystone@"localhost" identified by "openstack";
mysql > grant all privileges on keystone.* to keystone@"%" identified by "openstack";
mysql > grant all privileges on ovs_quantum.* to ovs_quantum@"localhost" identified by "openstack";
mysql > grant all privileges on ovs_quantum.* to ovs_quantum@"%" identified by "openstack";
（示例中所有账户共用口令 openstack，且 "%" 允许从任意主机登录。实际部署时应为每个服务设置各自的强口令，并把 "%" 换成 OpenStack 节点所在的网段，例如按本文网段构造的 "10.211.55.%"。）
安装和配置身份识别服务
安装软件包
$ sudo apt-get install keystone python-keystone python-keystoneclient
编辑 /etc/keystone/keystone.conf，修改管理员令牌（admin_token）、SQLAlchemy 连接（connection）和 Catalog 驱动
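admin_token = admin
connection = mysql://keystone:openstack@10.211.55.17/keystone
[catalog]
driver = keystone.catalog.backends.sql.Catalog
（admin_token 是 Keystone 的管理员共享密钥，持有者可绕过用户认证执行全部管理操作。示例值 admin 很容易被猜到，实际部署应换成随机字符串，例如 openssl rand -hex 10 的输出，并让下文的 SERVICE_TOKEN 与之一致。）
重启 Keystone.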
$ sudo service keystone restart
同步数据库
$ keystone-manage db_sync
编辑 /home/$user/.bashrc
export SERVICE_TOKEN=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=http://10.211.55.17:5000/v2.0/
export SERVICE_ENDPOINT=http://10.211.55.17:35357/v2.0/
（该文件保存了明文的管理员口令和令牌，应确保只有该用户本人可读，例如 chmod 600 /home/$user/.bashrc。）
设置环境变量
$ source /home/$user/.bashrc
Add keystone users.
$ keystone user-create --name admin --pass openstack --email admin@foobar.com
$ keystone user-create --name nova --pass openstack --email nova@foobar.com
$ keystone user-create --name glance --pass openstack --email glance@foobar.com
$ keystone user-create --name swift --pass openstack --email swift@foobar.com
$ keystone user-create --name cinder --pass openstack --email cinder@foobar.com
$ keystone user-create --name quantum --pass openstack --email quantum@foobar.com
Create roles.
$ keystone role-create --name admin
$ keystone role-create --name Member
Create tenants.
$ keystone tenant-create --name=service
$ keystone tenant-create --name=admin
Create services.
$ keystone service-create --name nova --type compute --description "OpenStack Compute Service"
$ keystone service-create --name volume --type volume --description "OpenStack Volume Service"
$ keystone service-create --name glance --type image --description "OpenStack Image Service"
$ keystone service-create --name swift --type object-store --description "OpenStack Storage Service"
$ keystone service-create --name keystone --type identity --description "OpenStack Identity Service"
$ keystone service-create --name ec2 --type ec2 --description "EC2 Service"
$ keystone service-create --name cinder --type volume --description "Cinder Service"
$ keystone service-create --name quantum --type network --description "OpenStack Networking service"
Create endpoints.
（各条命令中的 service id 取自 keystone service-list 的输出，见下文；必须换成自己环境中的实际值。）
# For Nova-api
$ keystone endpoint-create --region myregion --service_id bbbd1945908f4fae90530e8721df650d --publicurl "http://10.211.55.17:8774/v2/%(tenant_id)s" --adminurl "http://10.211.55.17:8774/v2/%(tenant_id)s" --internalurl "http://10.211.55.17:8774/v2/%(tenant_id)s"
# For Nova-volume
$ keystone endpoint-create --region myregion --service_id 53a8ae206b3645368daa9db4fe149ee5 --publicurl "http://10.211.55.17:8776/v1/%(tenant_id)s" --adminurl "http://10.211.55.17:8776/v1/%(tenant_id)s" --internalurl "http://10.211.55.17:8776/v1/%(tenant_id)s"
#For Glance
$ keystone endpoint-create --region myregion --service_id 4088ac79a42d4495977465a782fbf03f --publicurl "http://10.211.55.17:9292/v1" --adminurl "http://10.211.55.17:9292/v1" --internalurl "http://10.211.55.17:9292/v1"
# For Swift
$ keystone endpoint-create --region myregion --service_id 259703bf8d3c4b5e8aad1179fa8171bd --publicurl "http://10.211.55.17:8080/v1/AUTH_%(tenant_id)s" --adminurl "http://10.211.55.17:8080/v1" --internalurl "http://10.211.55.17:8080/v1/AUTH_%(tenant_id)s"
#For Identity Service
$ keystone endpoint-create --region myregion --service_id 1f46270f7c774a0786ec6ea590d99b7c --publicurl "http://10.211.55.17:5000/v2.0" --adminurl "http://10.211.55.17:35357/v2.0" --internalurl "http://10.211.55.17:5000/v2.0"
#For EC2_compatibility
$ keystone endpoint-create --region myregion --service_id 58e531e33059482f940de8ba9e97e5d1 --publicurl "http://10.211.55.17:8773/services/Cloud" --adminurl "http://10.211.55.17:8773/services/Admin" --internalurl "http://10.211.55.17:8773/services/Cloud"
#For Cinder
$ keystone endpoint-create --region myregion --service_id 65a888cf384d4c68b595196661cee87d --publicurl "http://10.211.55.17:8776/v1/%(tenant_id)s" --adminurl "http://10.211.55.17:8776/v1/%(tenant_id)s" --internalurl "http://10.211.55.17:8776/v1/%(tenant_id)s"
#For Quantum
$ keystone endpoint-create --region myregion --service-id 59877a8f97f04a2aad1e8164e14d7450 --publicurl "http://10.211.55.17:9696/v2" --adminurl "http://10.211.55.17:9696/v2" --internalurl "http://10.211.55.17:9696/v2"
（注：Quantum 一条使用的 service id 59877a8f97f04a2aad1e8164e14d7450 与下文 service-list 输出中 quantum 的 id 72c2cd62020f4c349e64a383b05daf8b 不一致，执行前请核对。）
Retrieve all the ids.
$ keystone tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 2a76a11b872e4ca18adb3162924735af | service | True |
| 950fe8e5ed5f4659a8556ac836e8943d | admin | True |
+----------------------------------+---------+---------+
$ keystone user-list
+----------------------------------+---------+---------+--------------------+
| id | name | enabled | email |
+----------------------------------+---------+---------+--------------------+
| 1d64219fcdeb41c3a163a761c61ef280 | nova | True | nova@foobar.com |
| 223c1711de5446f9b99c71803fc488db | quantum | True | quantum@foobar.com |
| 45e9461fa61e48f99de1adcd0b38eae7 | admin | True | admin@foobar.com |
| af4a1747e71d48c7834c408678f27316 | cinder | True | cinder@foobar.com |
| ceade796dee047b8b3488661a29f23cd | glance | True | glance@foobar.com |
| e3b2c1c3082c4545888329d0862ffcf1 | swift | True | swift@foobar.com |
+----------------------------------+---------+---------+--------------------+
$ keystone role-list
+----------------------------------+--------+
| id | name |
+----------------------------------+--------+
| de031f37231b4d4cafb0af9f56dba100 | Member |
| e45af7cf33be4dac8070aa8310144ce3 | admin |
+----------------------------------+--------+
$ keystone service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+------------------------------+
| 1f46270f7c774a0786ec6ea590d99b7c | keystone | identity | OpenStack Identity Service |
| 259703bf8d3c4b5e8aad1179fa8171bd | swift | object-store | OpenStack Storage Service |
| 4088ac79a42d4495977465a782fbf03f | glance | image | OpenStack Image Service |
| 53a8ae206b3645368daa9db4fe149ee5 | volume | volume | OpenStack Volume Service |
| 58e531e33059482f940de8ba9e97e5d1 | ec2 | ec2 | EC2 Service |
| 65a888cf384d4c68b595196661cee87d | cinder | volume | Cinder Service |
| 72c2cd62020f4c349e64a383b05daf8b | quantum | network | OpenStack Networking service |
| bbbd1945908f4fae90530e8721df650d | nova | compute | OpenStack Compute Service |
+----------------------------------+----------+--------------+------------------------------+
Adding roles.
# User admin <> role admin <> tenant admin
$ keystone user-role-add --user_id 45e9461fa61e48f99de1adcd0b38eae7 --role_id e45af7cf33be4dac8070aa8310144ce3 --tenant_id 950fe8e5ed5f4659a8556ac836e8943d
# User nova <> role admin <> tenant service
$ keystone user-role-add --user_id 1d64219fcdeb41c3a163a761c61ef280 --role_id e45af7cf33be4dac8070aa8310144ce3 --tenant_id 2a76a11b872e4ca18adb3162924735af
# User glance <> role admin <> tenant service
$ keystone user-role-add --user_id e3b2c1c3082c4545888329d0862ffcf1 --role_id e45af7cf33be4dac8070aa8310144ce3 --tenant_id 2a76a11b872e4ca18adb3162924735af
（注：上一条标注为 glance，但 user_id e3b2c1c3082c4545888329d0862ffcf1 在 user-list 输出中属于 swift；glance 的 id 是 ceade796dee047b8b3488661a29f23cd。照此执行，glance 用户不会获得角色，执行前请按自己环境的 user-list 核对。）
# User swift <> role admin <> tenant service
$ keystone user-role-add --user_id e3b2c1c3082c4545888329d0862ffcf1 --role_id e45af7cf33be4dac8070aa8310144ce3 --tenant_id 2a76a11b872e4ca18adb3162924735af
# User admin <> role Member <> tenant admin
$ keystone user-role-add --user_id 45e9461fa61e48f99de1adcd0b38eae7 --role_id de031f37231b4d4cafb0af9f56dba100 --tenant_id 950fe8e5ed5f4659a8556ac836e8943d
# User cinder <> role admin <> tenant service
$ keystone user-role-add --user_id af4a1747e71d48c7834c408678f27316 --role_id e45af7cf33be4dac8070aa8310144ce3 --tenant_id 2a76a11b872e4ca18adb3162924735af
# User quantum <> role admin <> tenant service
$ keystone user-role-add --user_id 223c1711de5446f9b99c71803fc488db --role_id e45af7cf33be4dac8070aa8310144ce3 --tenant_id 2a76a11b872e4ca18adb3162924735af
# User swift <> role Member <> tenant admin
$ keystone user-role-add --user_id e3b2c1c3082c4545888329d0862ffcf1 --role_id de031f37231b4d4cafb0af9f56dba100 --tenant_id 950fe8e5ed5f4659a8556ac836e8943d
下面是安装时的具体参考:
root@nova03:~# keystone user-list
+----------------------------------+---------+---------+--------------------+
| id | name | enabled | email |
+----------------------------------+---------+---------+--------------------+
| 220409ffe031451db6c15e2ffdb1e0dc | admin | True | admin@foobar.com |
| 28144d170a3e478697c04b7768a4ab41 | quantum | True | quantum@foobar.com |
| 66f135de0b8b4fabb7863b1a63a85b28 | nova | True | nova@foobar.com |
| 90fac6c10b9847738a1f014f5cde34d0 | swift | True | swift@foobar.com |
| c40dcdca4fc64714a2f090633e4b3628 | cinder | True | cinder@foobar.com |
| dee65cf22b294b8fa6bf53a2bed2b16a | glance | True | glance@foobar.com |
+----------------------------------+---------+---------+--------------------+
root@nova03:~# keystone role-list
+----------------------------------+--------+
| id | name |
+----------------------------------+--------+
| ba2718236af44f6a9309208822ab1f81 | admin |
| edb6ecca928a4e31be97d2a7fe232de8 | Member |
+----------------------------------+--------+
root@nova03:~# keystone tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 5e5f8ab62903419e885707926f38a3a2 | admin | True |
| ab03a3b1ef454342a076f3176037da53 | service | True |
keystone user-role-add --user_id 220409ffe031451db6c15e2ffdb1e0dc --role_id ba2718236af44f6a9309208822ab1f81 --tenant_id 5e5f8ab62903419e885707926f38a3a2
keystone user-role-add --user_id 66f135de0b8b4fabb7863b1a63a85b28 --role_id ba2718236af44f6a9309208822ab1f81 --tenant_id ab03a3b1ef454342a076f3176037da53
keystone user-role-add --user_id dee65cf22b294b8fa6bf53a2bed2b16a --role_id ba2718236af44f6a9309208822ab1f81 --tenant_id ab03a3b1ef454342a076f3176037da53
keystone user-role-add --user_id 90fac6c10b9847738a1f014f5cde34d0 --role_id ba2718236af44f6a9309208822ab1f81 --tenant_id ab03a3b1ef454342a076f3176037da53
keystone user-role-add --user_id c40dcdca4fc64714a2f090633e4b3628 --role_id ba2718236af44f6a9309208822ab1f81 --tenant_id ab03a3b1ef454342a076f3176037da53
keystone user-role-add --user_id 28144d170a3e478697c04b7768a4ab41 --role_id ba2718236af44f6a9309208822ab1f81 --tenant_id ab03a3b1ef454342a076f3176037da53
keystone user-role-add --user_id 220409ffe031451db6c15e2ffdb1e0dc --role_id edb6ecca928a4e31be97d2a7fe232de8 --tenant_id 5e5f8ab62903419e885707926f38a3a2
keystone user-role-add --user_id 90fac6c10b9847738a1f014f5cde34d0 --role_id edb6ecca928a4e31be97d2a7fe232de8 --tenant_id 5e5f8ab62903419e885707926f38a3a2
root@nova03:~# keystone service-list
+----------------------------------+----------+--------------+------------------------------+
| id | name | type | description |
+----------------------------------+----------+--------------+------------------------------+
| 2999604331804152ad89765a4c551a12 | volume | volume | OpenStack Volume Service |
| 30004f809001418e8dc8a4512b9d5d85 | cinder | volume | Cinder Service |
| 3c753688b7aa45e69be07b9a7dc4a500 | nova | compute | OpenStack Compute Service |
| 49eae90f70254214bdefcbae29fbdb1f | glance | image | OpenStack Image Service |
| b6fa68479ace4458a0a2b0869aec3099 | swift | object-store | OpenStack Storage Service |
| bc47150ef1664b25ac4a0733baf05a45 | keystone | identity | OpenStack Identity Service |
| ec7d69a76714424b8b87a90f3a5550e6 | ec2 | ec2 | EC2 Service |
| f3a0a033206641f68b505e7c337b2049 | quantum | network | OpenStack Networking service |
# For Nova-api
$ keystone endpoint-create --region myregion --service_id 2999604331804152ad89765a4c551a12 --publicurl "http://192.168.2.13:8774/v2/%(tenant_id)s" --adminurl "http://192.168.2.13:8774/v2/%(tenant_id)s" --internalurl "http://192.168.2.13:8774/v2/%(tenant_id)s"
（注：上一条标注为 Nova-api，但 service_id 2999604331804152ad89765a4c551a12 在 service-list 输出中属于 volume 服务；nova 服务的 id 是 3c753688b7aa45e69be07b9a7dc4a500。照此执行，compute 服务不会注册到 endpoint，执行前请核对。）
# For Nova-volume
$ keystone endpoint-create --region myregion --service_id 2999604331804152ad89765a4c551a12 --publicurl "http://192.168.2.13:8776/v1/%(tenant_id)s" --adminurl "http://192.168.2.13:8776/v1/%(tenant_id)s" --internalurl "http://192.168.2.13:8776/v1/%(tenant_id)s"
#For Glance
$ keystone endpoint-create --region myregion --service_id 49eae90f70254214bdefcbae29fbdb1f --publicurl "http://192.168.2.13:9292/v1" --adminurl "http://192.168.2.13:9292/v1" --internalurl "http://192.168.2.13:9292/v1"
# For Swift
keystone endpoint-create --region myregion --service_id b6fa68479ace4458a0a2b0869aec3099 --publicurl "http://192.168.2.13:8080/v1/AUTH_%(tenant_id)s" --adminurl "http://192.168.2.13:8080/v1" --internalurl "http://192.168.2.13:8080/v1/AUTH_%(tenant_id)s"
#For Identity Service
$ keystone endpoint-create --region myregion --service_id bc47150ef1664b25ac4a0733baf05a45 --publicurl "http://192.168.2.13:5000/v2.0" --adminurl "http://192.168.2.13:35357/v2.0" --internalurl "http://192.168.2.13:5000/v2.0"
#For EC2_compatibility
$ keystone endpoint-create --region myregion --service_id ec7d69a76714424b8b87a90f3a5550e6 --publicurl "http://192.168.2.13:8773/services/Cloud" --adminurl "http://192.168.2.13:8773/services/Admin" --internalurl "http://192.168.2.13:8773/services/Cloud"
#For Cinder
$ keystone endpoint-create --region myregion --service_id 30004f809001418e8dc8a4512b9d5d85 --publicurl "http://192.168.2.13:8776/v1/%(tenant_id)s" --adminurl "http://192.168.2.13:8776/v1/%(tenant_id)s" --internalurl "http://192.168.2.13:8776/v1/%(tenant_id)s"
#For Quantum
$ keystone endpoint-create --region myregion --service-id f3a0a033206641f68b505e7c337b2049 --publicurl "http://192.168.2.13:9696/v2" --adminurl "http://192.168.2.13:9696/v2" --internalurl "http://192.168.2.13:9696/v2"
glance add name="cirros-0.3.0-x86_64-disk" is_public=true container_format=ovf \
  disk_format=qcow2 < /root/precise-server-cloudimg-amd64-disk1.img
问题汇总:
1. 执行 keystone user-list 时显示下列信息（这是 webob 库的弃用警告，一般不影响命令结果）：
/usr/lib/python2.7/dist-packages/webob/dec.py:142: DeprecationWarning: Response.request and Response.environ are deprecated
  req.response.request = req
root@nova03:/etc/glance# glance index
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
Request returned failure status.
None
Invalid OpenStack Identity credentials.
root@nova03:/etc/glance# less /var/log/glance/
api.log registry.log
root@nova03:/etc/glance# less /var/log/glance/
api.log registry.log
root@nova03:/etc/glance# less /var/log/glance/api.log
root@nova03:/etc/glance# grep ERROR /var/log/glance/api.log
2012-10-21 14:28:10 9220 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:28:10 9220 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:28:11 9481 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:28:11 9481 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:29:53 9493 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:29:53 9493 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
root@nova03:/etc/glance# grep ERROR /var/log/glance/registry.log
2012-10-21 14:28:00 9266 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:28:00 9266 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:28:03 9455 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:28:03 9455 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:29:53 9467 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received
2012-10-21 14:29:53 9467 ERROR eventlet.wsgi.server [-] SIGTERM or SIGINT received