OpenStack完整安装手册(CentOS6.2)

openstack 专栏收录该内容
41 篇文章 0 订阅

转自:http://blog.lightcloud.cn/?p=91#comment-182

|---------+--------------------------------------|
| Author  | yz                                   |
|---------+--------------------------------------|
| Date    | 2012-4-6                             |
|---------+--------------------------------------|
| Version | v0.1                                 |
|---------+--------------------------------------|
| Website | http://bbs.linuxtone.org             |
|---------+--------------------------------------|
| Contact | Mail: atkisc@gmail.com QQ: 949587200 |
|---------+--------------------------------------|

1 实验环境

  • 硬件:
    DELL R710(1台)

    |------+----------------------------------------------------------------|
    | CPU  | Intel(R) Xeon(R) CPU E5620  @ 2.40GHz * 2                      |
    |------+----------------------------------------------------------------|
    | MEM  | 48GB                                                           |
    |------+----------------------------------------------------------------|
    | DISK | 300GB                                                          |
    |------+----------------------------------------------------------------|
    | NIC  | Broadcom Corporation NetXtreme II BCM5716 Gigabit Ethernet * 4 |
    |------+----------------------------------------------------------------|

    DELL R410(1台)

    |------+----------------------------------------------------------------|
    | CPU  | Intel(R) Xeon(R) CPU E5606  @ 2.13GHz * 2                      |
    |------+----------------------------------------------------------------|
    | MEM  | 8GB                                                            |
    |------+----------------------------------------------------------------|
    | DISK | 1T * 4                                                         |
    |------+----------------------------------------------------------------|
    | NIC  | Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet * 4 |
    |------+----------------------------------------------------------------|
  • 系统:
    CentOS 6.2 x64
  • Openstack版本:
    Essex release2012.1

2 架构部署

  • 配置信息
    |-------------------+---------------+-------------+--------------|
    | Machine/Hostname  |   External IP | Internal IP | Used for     |
    |-------------------+---------------+-------------+--------------|
    | DELL R410/Control | 60.12.206.105 | 192.168.1.2 | Control Node |
    | DELL R710/Compute |  60.12.206.99 | 192.168.1.3 | Compute Node |
    |-------------------+---------------+-------------+--------------|

    实例网段为10.0.0.0/24,Floating IP为60.12.206.110,实例网段桥接在内网网卡上,网络模式采用FlatDHCP
    控制节点 /dev/sda为系统盘,/dev/sdb为nova-volume盘,/dev/sdc、/dev/sdd为swift存储用

  • 服务器系统安装
    1. CentOS 6.2 x64使用最小化安装方式
    2. 服务器外网使用eth0
    3. 服务器内网使用eth1
    4. 所有服务均监听

3 控制节点安装

3.1 前提工作

  • 导入第三方软件源
    rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
    rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
  • 安装依赖包
    yum -y install swig libvirt-python libvirt qemu-kvm python-pip gcc make gcc-c++ patch m4 python-devel libxml2-devel libxslt-devel libgsasl-devel openldap-devel sqlite-devel openssl-devel wget telnet gpxe-bootimgs gpxe-roms gpxe-roms-qemu dmidecode git scsi-target-utils kpartx socat vconfig aoetools
    rpm -Uvh http://veillard.com/libvirt/6.3/x86_64/dnsmasq-utils-2.48-6.el6.x86_64.rpm
    ln -sv /usr/bin/pip-python /usr/bin/pip
  • 更新内核通过uname -r 查看原内核版本,应如下:
    2.6.32-220.el6.x86_64
    yum -y install kernel kernel-devel
    init 6

    通过uname -r 查看更新后内核版本,应如下:

    2.6.32-220.7.1.el6.x86_64

3.2 NTP时钟服务安装

  • 安装NTP时钟同步服务器
    yum install -y ntp
  • 编辑/etc/ntp.conf,将文件内容替换为如下:
    restrict default ignore
    restrict 127.0.0.1
    restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
    server ntp.api.bz
    server  127.127.1.0
    fudge   127.127.1.0 stratum 10
    driftfile /var/lib/ntp/drift
    keys /etc/ntp/keys
  • 重启ntp服务
    /etc/init.d/ntpd start

3.3 MYSQL数据库服务安装

  • 安装MYSQL数据库服务
    yum install -y mysql-server
  • 更改MYSQL数据库服务监听内网网卡IP
    sed -i '/symbolic-links=0/a bind-address = 192.168.1.2' /etc/my.cnf
  • 启动MYSQL数据库服务
    /etc/init.d/mysqld start
  • 设置MYSQL的root用户密码为openstack
    mysqladmin -uroot password 'openstack';history -c
  • 检测服务是否正常启动通过netstat -ltunp查看是否有tcp 3306端口监听
    如果没有正常启动请查看/var/log/mysqld.log文件排错

3.4 RABBITMQ消息队列服务安装

  • 安装RABBITMQ消息队列服务
    yum -y install rabbitmq-server
  • 启动RABBITMQ消息队列服务
    /etc/init.d/rabbitmq-server start
  • 更改RABBITMQ消息队列服务guest用户默认密码为openstack
    rabbitmqctl change_password guest openstack

3.5 PYTHON-NOVACLIENT库安装

  • 下载源码包
    wget https://launchpad.net/nova/essex/2012.1/+download/python-novaclient-2012.1.tar.gz -P /opt
  • 安装依赖包
    yum -y install python-simplejson python-prettytable python-argparse python-nose1.1 python-httplib2 python-virtualenv MySQL-python
  • 解压并安装PYTHON-NOVACLIENT库
    cd /opt
    tar xf python-novaclient-2012.1.tar.gz
    cd python-novaclient-2012.1
    python setup.py install
    rm -f ../python-novaclient-2012.1.tar.gz

3.6 KEYSTONE身份认证服务安装

  • 下载源码包
    wget https://launchpad.net/keystone/essex/2012.1/+download/keystone-2012.1.tar.gz -P /opt
  • 安装依赖包
    yum install -y python-eventlet python-greenlet python-paste python-passlib
    pip install routes==1.12.3 lxml==2.3 pam==0.1.4 passlib sqlalchemy-migrate==0.7.2 PasteDeploy==1.5.0 SQLAlchemy==0.7.3 WebOb==1.0.8
  • 解压并安装KEYSTONE身份认证服务
    cd /opt
    tar xf keystone-2012.1.tar.gz
    cd keystone-2012.1
    python setup.py install
    rm -f ../keystone-2012.1.tar.gz

3.7 PYTHON-KEYSTONECLIENT库安装

  • 下载源码包
    wget https://launchpad.net/keystone/essex/2012.1/+download/python-keystoneclient-2012.1.tar.gz -P /opt
  • 解压并安装PYTHON-KEYSTONECLIENT库
    cd /opt
    tar xf python-keystoneclient-2012.1.tar.gz
    cd python-keystoneclient-2012.1
    python setup.py install
    rm -f ../python-keystoneclient-2012.1.tar.gz

3.8 SWIFT对象存储服务安装

  • 下载源码包
    wget https://launchpad.net/swift/essex/1.4.8/+download/swift-1.4.8.tar.gz -P /opt
  • 安装依赖包
    pip install configobj==4.7.1 netifaces==0.6
  • 解压并安装SWIFT对象存储服务
    cd /opt
    tar xf swift-1.4.8.tar.gz
    cd swift-1.4.8
    python setup.py install
    rm -f ../swift-1.4.8.tar.gz

3.9 GLANCE镜像存储服务安装

  • 下载源码包
    wget https://launchpad.net/glance/essex/2012.1/+download/glance-2012.1.tar.gz -P /opt
  • 安装依赖包
    yum install -y python-anyjson python-kombu m2crypto
    pip install xattr==0.6.0 iso8601==0.1.4 pysendfile==2.0.0 pycrypto==2.3 wsgiref boto==2.1.1
  • 解压并安装GLANCE镜像存储服务
    cd /opt
    tar xf glance-2012.1.tar.gz
    cd glance-2012.1
    python setup.py install
    rm -f ../glance-2012.1.tar.gz

3.10 NOVA计算服务安装

  • 下载源码包
    wget https://launchpad.net/nova/essex/2012.1/+download/nova-2012.1.tar.gz -P /opt
  • 安装依赖包
    yum install -y python-amqplib python-carrot python-lockfile python-gflags python-netaddr python-suds python-paramiko python-feedparser
    pip install Cheetah==2.4.4 python-daemon==1.5.5 Babel==0.9.6
  • 解压并安装NOVA计算服务
    cd /opt
    tar xf nova-2012.1.tar.gz
    cd nova-2012.1
    python setup.py install
    rm -f ../nova-2012.1.tar.gz

3.11 HORIZON管理面板安装

  • 下载源码包
    wget https://launchpad.net/horizon/essex/2012.1/+download/horizon-2012.1.tar.gz -P /opt
  • 安装依赖包
    yum install -y python-django-nose python-dateutil python-cloudfiles python-django python-django-integration-apache httpd
  • 解压并安装HORIZON管理面板
    cd /opt
    tar xf horizon-2012.1.tar.gz
    cd horizon-2012.1
    python setup.py install
    rm -f ../horizon-2012.1.tar.gz

3.12 NOVNC WEB访问安装

  • 下载源码包
    git clone https://github.com/cloudbuilders/noVNC.git /opt/noVNC
  • 安装依赖包
    yum install  -y python-numdisplay

3.13 KEYSTONE身份认证服务配置

  • 建立KEYSTONE服务数据库
    mysql -uroot -popenstack -e 'create database keystone'
  • 建立KEYSTONE服务配置文件存放目录
    mkdir /etc/keystone
  • 建立KEYSTONE服务启动用户
    useradd -s /sbin/nologin -m -d /var/log/keystone keystone
  • 在/etc/keystone建立default_catalog.templates作为KEYSTONE服务服务点配置文件,内容如下:
    catalog.RegionOne.identity.publicURL = http://60.12.206.105:$(public_port)s/v2.0
    catalog.RegionOne.identity.adminURL = http://60.12.206.105:$(admin_port)s/v2.0
    catalog.RegionOne.identity.internalURL = http://60.12.206.105:$(public_port)s/v2.0
    catalog.RegionOne.identity.name = Identity Service
    
    catalog.RegionOne.compute.publicURL = http://60.12.206.105:8774/v2/$(tenant_id)s
    catalog.RegionOne.compute.adminURL = http://60.12.206.105:8774/v2/$(tenant_id)s
    catalog.RegionOne.compute.internalURL = http://60.12.206.105:8774/v2/$(tenant_id)s
    catalog.RegionOne.compute.name = Compute Service
    
    catalog.RegionOne.volume.publicURL = http://60.12.206.105:8776/v1/$(tenant_id)s
    catalog.RegionOne.volume.adminURL = http://60.12.206.105:8776/v1/$(tenant_id)s
    catalog.RegionOne.volume.internalURL = http://60.12.206.105:8776/v1/$(tenant_id)s
    catalog.RegionOne.volume.name = Volume Service
    
    catalog.RegionOne.ec2.publicURL = http://60.12.206.105:8773/services/Cloud
    catalog.RegionOne.ec2.adminURL = http://60.12.206.105:8773/services/Admin
    catalog.RegionOne.ec2.internalURL = http://60.12.206.105:8773/services/Cloud
    catalog.RegionOne.ec2.name = EC2 Service
    
    catalog.RegionOne.s3.publicURL = http://60.12.206.105:3333
    catalog.RegionOne.s3.adminURL = http://60.12.206.105:3333
    catalog.RegionOne.s3.internalURL = http://60.12.206.105:3333
    catalog.RegionOne.s3.name = S3 Service
    
    catalog.RegionOne.image.publicURL = http://60.12.206.105:9292/v1
    catalog.RegionOne.image.adminURL = http://60.12.206.105:9292/v1
    catalog.RegionOne.image.internalURL = http://60.12.206.105:9292/v1
    catalog.RegionOne.image.name = Image Service
    
    catalog.RegionOne.object_store.publicURL = http://60.12.206.105:8080/v1/AUTH_$(tenant_id)s
    catalog.RegionOne.object_store.adminURL = http://60.12.206.105:8080/
    catalog.RegionOne.object_store.internalURL = http://60.12.206.105:8080/v1/AUTH_$(tenant_id)s
    catalog.RegionOne.object_store.name = Swift Service
  • 在/etc/keystone建立policy.json作为KEYSTONE服务策略文件,内容如下:
    {
        "admin_required": [["role:admin"], ["is_admin:1"]]
    }
  • 在/etc/keystone建立keystone.conf作为KEYSTONE服务配置文件,内容如下:
    [DEFAULT]
    public_port = 5000
    admin_port = 35357
    admin_token = ADMIN
    compute_port = 8774
    verbose = True
    debug = True
    log_file = /var/log/keystone/keystone.log
    use_syslog = False
    syslog_log_facility = LOG_LOCAL0
    
    [sql]
    connection = mysql://root:openstack@localhost/keystone
    idle_timeout = 30
    min_pool_size = 5
    max_pool_size = 10
    pool_timeout = 200
    
    [identity]
    driver = keystone.identity.backends.sql.Identity
    
    [catalog]
    driver = keystone.catalog.backends.templated.TemplatedCatalog
    template_file = /etc/keystone/default_catalog.templates
    
    [token]
    driver = keystone.token.backends.kvs.Token
    
    [policy]
    driver = keystone.policy.backends.simple.SimpleMatch
    
    [ec2]
    driver = keystone.contrib.ec2.backends.sql.Ec2
    
    [filter:debug]
    paste.filter_factory = keystone.common.wsgi:Debug.factory
    
    [filter:token_auth]
    paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
    
    [filter:admin_token_auth]
    paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
    
    [filter:xml_body]
    paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
    
    [filter:json_body]
    paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
    
    [filter:crud_extension]
    paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
    
    [filter:ec2_extension]
    paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
    
    [filter:s3_extension]
    paste.filter_factory = keystone.contrib.s3:S3Extension.factory
    
    [app:public_service]
    paste.app_factory = keystone.service:public_app_factory
    
    [app:admin_service]
    paste.app_factory = keystone.service:admin_app_factory
    
    [pipeline:public_api]
    pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension public_service
    
    [pipeline:admin_api]
    pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension crud_extension admin_service
    
    [app:public_version_service]
    paste.app_factory = keystone.service:public_version_app_factory
    
    [app:admin_version_service]
    paste.app_factory = keystone.service:admin_version_app_factory
    
    [pipeline:public_version_api]
    pipeline = xml_body public_version_service
    
    [pipeline:admin_version_api]
    pipeline = xml_body admin_version_service
    
    [composite:main]
    use = egg:Paste#urlmap
    /v2.0 = public_api
    / = public_version_api
    
    [composite:admin]
    use = egg:Paste#urlmap
    /v2.0 = admin_api
    / = admin_version_api
  • 在/etc/init.d/下建立名为keystone的KEYSTONE服务启动脚本,内容如下:
    #!/bin/sh
    #
    # keystone  OpenStack Identity Service
    #
    # chkconfig:   - 20 80
    # description: keystone works provide apis to  \
    #               * Authenticate users and provide a token \
    #               * Validate tokens
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    prog=keystone
    prog_exec=keystone-all
    exec="/usr/bin/$prog_exec"
    config="/etc/$prog/$prog.conf"
    pidfile="/var/run/$prog/$prog.pid"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/subsys/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user keystone --pidfile $pidfile "$exec --config-file=$config &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 配置启动脚本:
    chmod 755 /etc/init.d/keystone
    mkdir /var/run/keystone
    mkdir /var/lock/keystone
    chown keystone:root /var/run/keystone
    chown keystone:root /var/lock/keystone
  • 启动KEYSTONE服务
    /etc/init.d/keystone start
  • 检测服务是否正常启动通过netstat -ltunp查看是否有tcp 5000和tcp 35357端口监听
    如果没有正常启动请查看/var/log/keystone/keystone.log文件排错
  • 建立KEYSTONE服务初始化数据脚本keystone_data.sh,内容如下:
    #!/bin/bash
    # Variables set before calling this script:
    # SERVICE_TOKEN - aka admin_token in keystone.conf
    # SERVICE_ENDPOINT - local Keystone admin endpoint
    # SERVICE_TENANT_NAME - name of tenant containing service accounts
    # ENABLED_SERVICES - stack.sh's list of services to start
    # DEVSTACK_DIR - Top-level DevStack directory
    
    ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
    SERVICE_PASSWORD=${SERVICE_PASSWORD:-service}
    export SERVICE_TOKEN=ADMIN
    export SERVICE_ENDPOINT=http://localhost:35357/v2.0
    SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-tenant}
    
    function get_id () {
        echo `$@ | awk '/ id / { print $4 }'`
    }
    
    # Tenants
    ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
    SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
    DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
    INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)
    
    # Users
    ADMIN_USER=$(get_id keystone user-create --name=admin \
                                             --pass="$ADMIN_PASSWORD" \
                                             --email=admin@example.com)
    DEMO_USER=$(get_id keystone user-create --name=demo \
                                            --pass="$ADMIN_PASSWORD" \
                                            --email=demo@example.com)
    
    # Roles
    ADMIN_ROLE=$(get_id keystone role-create --name=admin)
    KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
    KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
    ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
    
    # Add Roles to Users in Tenants
    keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
    keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
    keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT
    
    # TODO(termie): these two might be dubious
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
    keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT
    
    # The Member role is used by Horizon and Swift so we need to keep it:
    MEMBER_ROLE=$(get_id keystone role-create --name=Member)
    keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
    keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
    
    NOVA_USER=$(get_id keystone user-create --name=nova \
                                            --pass="$SERVICE_PASSWORD" \
                                            --tenant_id $SERVICE_TENANT \
                                            --email=nova@example.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $NOVA_USER \
                           --role $ADMIN_ROLE
    
    GLANCE_USER=$(get_id keystone user-create --name=glance \
                                              --pass="$SERVICE_PASSWORD" \
                                              --tenant_id $SERVICE_TENANT \
                                              --email=glance@example.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $GLANCE_USER \
                           --role $ADMIN_ROLE
    
    SWIFT_USER=$(get_id keystone user-create --name=swift \
                                             --pass="$SERVICE_PASSWORD" \
                                             --tenant_id $SERVICE_TENANT \
                                             --email=swift@example.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $SWIFT_USER \
                           --role $ADMIN_ROLE
    
    RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $NOVA_USER \
                           --role $RESELLER_ROLE
  • 建立KEYSTONE服务数据库结构
    keystone-manage db_sync
  • 执行初始化数据脚本
    bash keystone_data.sh

3.14 GLANCE镜像存储服务配置

3.15 建立GLANCE服务数据库

mysql -uroot -popenstack -e 'create database glance'
  • 建立GLANCE服务配置文件存放目录
    mkdir /etc/glance
  • 建立GLANCE服务启动用户
    useradd -s /sbin/nologin -m -d /var/log/glance glance
  • 在/etc/glance建立glance-api.conf作为GLANCE-API服务配置文件,内容如下:
    [DEFAULT]
    # Show more verbose log output (sets INFO log level output)
    verbose = True
    
    # Show debugging output in logs (sets DEBUG log level output)
    debug = True
    
    # Which backend store should Glance use by default is not specified
    # in a request to add a new image to Glance? Default: 'file'
    # Available choices are 'file', 'swift', and 's3'
    default_store = file
    
    # Address to bind the API server
    bind_host = 0.0.0.0
    
    # Port the bind the API server to
    bind_port = 9292
    
    # Address to find the registry server
    registry_host = 0.0.0.0
    
    # Port the registry server is listening on
    registry_port = 9191
    
    # Log to this file. Make sure you do not set the same log
    # file for both the API and registry servers!
    log_file = /var/log/glance/api.log
    
    # Send logs to syslog (/dev/log) instead of to file specified by `log_file`
    use_syslog = False
    
    # ============ Notification System Options =====================
    
    # Notifications can be sent when images are create, updated or deleted.
    # There are three methods of sending notifications, logging (via the
    # log_file directive), rabbit (via a rabbitmq queue) or noop (no
    # notifications sent, the default)
    notifier_strategy = noop
    
    # Configuration options if sending notifications via rabbitmq (these are
    # the defaults)
    rabbit_host = localhost
    rabbit_port = 5672
    rabbit_use_ssl = false
    rabbit_userid = guest
    rabbit_password = openstack
    rabbit_virtual_host = /
    rabbit_notification_topic = glance_notifications
    
    # ============ Filesystem Store Options ========================
    
    # Directory that the Filesystem backend store
    # writes image data to
    filesystem_store_datadir = /var/lib/glance/images/
    
    # ============ Swift Store Options =============================
    
    # Address where the Swift authentication service lives
    swift_store_auth_address = 127.0.0.1:8080/v1.0/
    
    # User to authenticate against the Swift authentication service
    swift_store_user = jdoe
    
    # Auth key for the user authenticating against the
    # Swift authentication service
    swift_store_key = a86850deb2742ec3cb41518e26aa2d89
    
    # Container within the account that the account should use
    # for storing images in Swift
    swift_store_container = glance
    
    # Do we create the container if it does not exist?
    swift_store_create_container_on_put = False
    
    # What size, in MB, should Glance start chunking image files
    # and do a large object manifest in Swift? By default, this is
    # the maximum object size in Swift, which is 5GB
    swift_store_large_object_size = 5120
    
    # When doing a large object manifest, what size, in MB, should
    # Glance write chunks to Swift? This amount of data is written
    # to a temporary disk buffer during the process of chunking
    # the image file, and the default is 200MB
    swift_store_large_object_chunk_size = 200
    
    # Whether to use ServiceNET to communicate with the Swift storage servers.
    # (If you aren't RACKSPACE, leave this False!)
    #
    # To use ServiceNET for authentication, prefix hostname of
    # `swift_store_auth_address` with 'snet-'.
    # Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/
    swift_enable_snet = False
    
    # ============ S3 Store Options =============================
    
    # Address where the S3 authentication service lives
    s3_store_host = 127.0.0.1:8080/v1.0/
    
    # User to authenticate against the S3 authentication service
    s3_store_access_key = <20-char AWS access key>
    
    # Auth key for the user authenticating against the
    # S3 authentication service
    s3_store_secret_key = <40-char AWS secret key>
    
    # Container within the account that the account should use
    # for storing images in S3. Note that S3 has a flat namespace,
    # so you need a unique bucket name for your glance images. An
    # easy way to do this is append your AWS access key to "glance".
    # S3 buckets in AWS *must* be lowercased, so remember to lowercase
    # your AWS access key if you use it in your bucket name below!
    s3_store_bucket = <lowercased 20-char aws access key>glance
    
    # Do we create the bucket if it does not exist?
    s3_store_create_bucket_on_put = False
    
    # ============ Image Cache Options ========================
    
    image_cache_enabled = False
    
    # Directory that the Image Cache writes data to
    # Make sure this is also set in glance-pruner.conf
    image_cache_datadir = /var/lib/glance/image-cache/
    
    # Number of seconds after which we should consider an incomplete image to be
    # stalled and eligible for reaping
    image_cache_stall_timeout = 86400
    
    # ============ Delayed Delete Options =============================
    
    # Turn on/off delayed delete
    delayed_delete = False
    
    # Delayed delete time in seconds
    scrub_time = 43200
    
    # Directory that the scrubber will use to remind itself of what to delete
    # Make sure this is also set in glance-scrubber.conf
    scrubber_datadir = /var/lib/glance/scrubber
  • 在/etc/glance建立glance-api-paste.ini作为GLANCE-API服务认证配置文件,内容如下:
    [pipeline:glance-api]
    #pipeline = versionnegotiation context apiv1app
    # NOTE: use the following pipeline for keystone
    pipeline = versionnegotiation authtoken context apiv1app
    
    # To enable Image Cache Management API replace pipeline with below:
    # pipeline = versionnegotiation context imagecache apiv1app
    # NOTE: use the following pipeline for keystone auth (with caching)
    # pipeline = versionnegotiation authtoken auth-context imagecache apiv1app
    
    [app:apiv1app]
    paste.app_factory = glance.common.wsgi:app_factory
    glance.app_factory = glance.api.v1.router:API
    
    [filter:versionnegotiation]
    paste.filter_factory = glance.common.wsgi:filter_factory
    glance.filter_factory = glance.api.middleware.version_negotiation:VersionNegotiationFilter
    
    [filter:cache]
    paste.filter_factory = glance.common.wsgi:filter_factory
    glance.filter_factory = glance.api.middleware.cache:CacheFilter
    
    [filter:cachemanage]
    paste.filter_factory = glance.common.wsgi:filter_factory
    glance.filter_factory = glance.api.middleware.cache_manage:CacheManageFilter
    
    [filter:context]
    paste.filter_factory = glance.common.wsgi:filter_factory
    glance.filter_factory = glance.common.context:ContextMiddleware
    
    [filter:authtoken]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    service_host = 60.12.206.105
    service_port = 5000
    service_protocol = http
    auth_host = 60.12.206.105
    auth_port = 35357
    auth_protocol = http
    auth_uri = http:/60.12.206.105:500/
    admin_tenant_name = tenant
    admin_user = glance
    admin_password = service
  • 在/etc/glance建立glance-registry.conf作为GLANCE-REGISTRY服务配置文件,内容如下:
    [DEFAULT]
    # Show more verbose log output (sets INFO log level output)
    verbose = True
    
    # Show debugging output in logs (sets DEBUG log level output)
    debug = True
    
    # Address to bind the registry server
    bind_host = 0.0.0.0
    
    # Port the bind the registry server to
    bind_port = 9191
    
    # Log to this file. Make sure you do not set the same log
    # file for both the API and registry servers!
    log_file = /var/log/glance/registry.log
    
    # Where to store images
    filesystem_store_datadir = /var/lib/glance/images
    
    # Send logs to syslog (/dev/log) instead of to file specified by `log_file`
    use_syslog = False
    
    # SQLAlchemy connection string for the reference implementation
    # registry server. Any valid SQLAlchemy connection string is fine.
    # See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
    sql_connection = mysql://root:openstack@localhost/glance
    
    # Period in seconds after which SQLAlchemy should reestablish its connection
    # to the database.
    #
    # MySQL uses a default `wait_timeout` of 8 hours, after which it will drop
    # idle connections. This can result in 'MySQL Gone Away' exceptions. If you
    # notice this, you can lower this value to ensure that SQLAlchemy reconnects
    # before MySQL can drop the connection.
    sql_idle_timeout = 3600
    
    # Limit the api to return `param_limit_max` items in a call to a container. If
    # a larger `limit` query param is provided, it will be reduced to this value.
    api_limit_max = 1000
    
    # If a `limit` query param is not provided in an api request, it will
    # default to `limit_param_default`
    limit_param_default = 25
  • 在/etc/glance建立glance-registry-paste.ini作为GLANCE-REGISTRY服务认证配置文件,内容如下:
    [pipeline:glance-registry]
    #pipeline = context registryapp
    # NOTE: use the following pipeline for keystone
    pipeline = authtoken context registryapp
    
    [app:registryapp]
    paste.app_factory = glance.common.wsgi:app_factory
    glance.app_factory = glance.registry.api.v1:API
    
    [filter:context]
    context_class = glance.registry.context.RequestContext
    paste.filter_factory = glance.common.wsgi:filter_factory
    glance.filter_factory = glance.common.context:ContextMiddleware
    
    [filter:authtoken]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    service_host = 60.12.206.105
    service_port = 5000
    service_protocol = http
    auth_host = 60.12.206.105
    auth_port = 35357
    auth_protocol = http
    auth_uri = http:/60.12.206.105:500/
    admin_tenant_name = tenant
    admin_user = glance
    admin_password = service
  • 在/etc/glance建立policy.json作为GLANCE服务策略文件,内容如下:
    {
        "default": [],
        "manage_image_cache": [["role:admin"]]
    }
  • 在/etc/init.d/下建立名为glance-api的GLANCE-API服务启动脚本,内容如下:
    #!/bin/sh
    #
    # glance-api OpenStack Image Service API server
    #
    # chkconfig:   - 20 80
    # description: OpenStack Image Service (code-named Glance) API server
    
    ### BEGIN INIT INFO
    # Provides:
    # Required-Start: $remote_fs $network $syslog
    # Required-Stop: $remote_fs $syslog
    # Default-Stop: 0 1 6
    # Short-Description: Glance API server
    # Description: OpenStack Image Service (code-named Glance) API server
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    suffix=api
    prog=openstack-glance-$suffix
    exec="/usr/bin/glance-$suffix"
    config="/etc/glance/glance-$suffix.conf"
    pidfile="/var/run/glance/glance-$suffix.pid"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/subsys/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user glance --pidfile $pidfile "$exec --config-file=$config &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 在/etc/init.d/下建立名为glance-registry的GLANCE-REGISTRY服务启动脚本,内容如下:
    #!/bin/sh
    #
    # glance-registry OpenStack Image Service Registry server
    #
    # chkconfig:   - 20 80
    # description: OpenStack Image Service (code-named Glance) Registry server
    
    ### BEGIN INIT INFO
    # Provides:
    # Required-Start: $remote_fs $network $syslog
    # Required-Stop: $remote_fs $syslog
    # Default-Stop: 0 1 6
    # Short-Description: Glance Registry server
    # Description: OpenStack Image Service (code-named Glance) Registry server
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    suffix=registry
    prog=openstack-glance-$suffix
    exec="/usr/bin/glance-$suffix"
    config="/etc/glance/glance-$suffix.conf"
    pidfile="/var/run/glance/glance-$suffix.pid"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/subsys/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user glance --pidfile $pidfile "$exec --config-file=$config &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 配置启动脚本:
    chmod 755 /etc/init.d/glance-api
    chmod 755 /etc/init.d/glance-registry
    mkdir /var/run/glance
    mkdir /var/lock/glance
    mkdir /var/lib/glance
    chown glance:root /var/run/glance
    chown glance:root /var/lock/glance
    chown glance:glance /var/lib/glance
  • 启动GLANCE-API和GLANCE-REGISTRY服务
    /etc/init.d/glance-api start
    /etc/init.d/glance-registry start
  • 检测服务是否正常启动通过netstat -ltunp查看是否有tcp 9292和tcp 9191端口监听
    如果没有正常启动请查看/var/log/glance目录下相关文件排错

3.16 NOVA计算服务配置

  • 建立NOVA服务数据库
    mysql -uroot -popenstack -e 'create database nova'
  • 建立NOVA服务配置文件存放目录
    mkdir /etc/nova
  • 建立NOVA服务启动用户
    useradd -s /sbin/nologin -m -d /var/log/nova nova
  • 在/etc/nova建立nova.conf作为NOVA服务配置文件,内容如下:
    [DEFAULT]
    
    debug=True
    log-dir=/var/log/nova
    pybasedir=/var/lib/nova
    use_syslog=False
    verbose=True
    api_paste_config=/etc/nova/api-paste.ini
    auth_strategy=keystone
    bindir=/usr/bin
    glance_host=$my_ip
    glance_port=9292
    glance_api_servers=$glance_host:$glance_port
    image_service=nova.image.glance.GlanceImageService
    lock_path=/var/lock/nova
    my_ip=60.12.206.105
    rabbit_host=localhost
    rabbit_password=openstack
    rabbit_port=5672
    rabbit_userid=guest
    root_helper=sudo
    sql_connection=mysql://root:gamewave@localhost/nova
    keystone_ec2_url=http://$my_ip:5000/v2.0/ec2tokens
    novncproxy_base_url=http://$my_ip:6080/vnc_auto.html
    vnc_enabled=True
    vnc_keymap=en-us
    vncserver_listen=$my_ip
    vncserver_proxyclient_address=$my_ip
    dhcpbridge=$bindir/nova-dhcpbridge
    dhcpbridge_flagfile=/etc/nova/nova.conf
    public_interface=eth0
    routing_source_ip=$my_ip
    fixed_range=10.0.0.0/24
    flat_interface=eth1
    flat_network_bridge=br1
    floating_range=60.12.206.115
    force_dhcp_release=True
    target_host=$my_ip
    target_port=3260
    console_token_ttl=600
    iscsi_helper=ietadm
    iscsi_ip_address=$my_ip
    iscsi_num_targets=100
    iscsi_port=3260
    volume_group=nova-volumes
    ec2_listen=0.0.0.0
    ec2_listen_port=8773
    metadata_listen=0.0.0.0
    metadata_listen_port=8775
    osapi_compute_listen=0.0.0.0
    osapi_compute_listen_port=8774
    osapi_volume_listen=0.0.0.0
    osapi_volume_listen_port=8776
  • 在/etc/nova建立api-paste.ini作为NOVA服务认证配置文件,内容如下:
    ############
    # Metadata #
    ############
    [composite:metadata]
    use = egg:Paste#urlmap
    /: metaversions
    /latest: meta
    /1.0: meta
    /2007-01-19: meta
    /2007-03-01: meta
    /2007-08-29: meta
    /2007-10-10: meta
    /2007-12-15: meta
    /2008-02-01: meta
    /2008-09-01: meta
    /2009-04-04: meta
    
    [pipeline:metaversions]
    pipeline = ec2faultwrap logrequest metaverapp
    
    [pipeline:meta]
    pipeline = ec2faultwrap logrequest metaapp
    
    [app:metaverapp]
    paste.app_factory = nova.api.metadata.handler:Versions.factory
    
    [app:metaapp]
    paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
    
    #######
    # EC2 #
    #######
    
    [composite:ec2]
    use = egg:Paste#urlmap
    /services/Cloud: ec2cloud
    
    [composite:ec2cloud]
    use = call:nova.api.auth:pipeline_factory
    noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor
    deprecated = ec2faultwrap logrequest authenticate cloudrequest validator ec2executor
    keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor
    
    [filter:ec2faultwrap]
    paste.filter_factory = nova.api.ec2:FaultWrapper.factory
    
    [filter:logrequest]
    paste.filter_factory = nova.api.ec2:RequestLogging.factory
    
    [filter:ec2lockout]
    paste.filter_factory = nova.api.ec2:Lockout.factory
    
    [filter:totoken]
    paste.filter_factory = nova.api.ec2:EC2Token.factory
    
    [filter:ec2keystoneauth]
    paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory
    
    [filter:ec2noauth]
    paste.filter_factory = nova.api.ec2:NoAuth.factory
    
    [filter:authenticate]
    paste.filter_factory = nova.api.ec2:Authenticate.factory
    
    [filter:cloudrequest]
    controller = nova.api.ec2.cloud.CloudController
    paste.filter_factory = nova.api.ec2:Requestify.factory
    
    [filter:authorizer]
    paste.filter_factory = nova.api.ec2:Authorizer.factory
    
    [filter:validator]
    paste.filter_factory = nova.api.ec2:Validator.factory
    
    [app:ec2executor]
    paste.app_factory = nova.api.ec2:Executor.factory
    
    #############
    # Openstack #
    #############
    
    [composite:osapi_compute]
    use = call:nova.api.openstack.urlmap:urlmap_factory
    /: oscomputeversions
    /v1.1: openstack_compute_api_v2
    /v2: openstack_compute_api_v2
    
    [composite:osapi_volume]
    use = call:nova.api.openstack.urlmap:urlmap_factory
    /: osvolumeversions
    /v1: openstack_volume_api_v1
    
    [composite:openstack_compute_api_v2]
    use = call:nova.api.auth:pipeline_factory
    noauth = faultwrap noauth ratelimit osapi_compute_app_v2
    deprecated = faultwrap auth ratelimit osapi_compute_app_v2
    keystone = faultwrap authtoken keystonecontext ratelimit osapi_compute_app_v2
    keystone_nolimit = faultwrap authtoken keystonecontext osapi_compute_app_v2
    
    [composite:openstack_volume_api_v1]
    use = call:nova.api.auth:pipeline_factory
    noauth = faultwrap noauth ratelimit osapi_volume_app_v1
    deprecated = faultwrap auth ratelimit osapi_volume_app_v1
    keystone = faultwrap authtoken keystonecontext ratelimit osapi_volume_app_v1
    keystone_nolimit = faultwrap authtoken keystonecontext osapi_volume_app_v1
    
    [filter:faultwrap]
    paste.filter_factory = nova.api.openstack:FaultWrapper.factory
    
    [filter:auth]
    paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
    
    [filter:noauth]
    paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
    
    [filter:ratelimit]
    paste.filter_factory = nova.api.openstack.compute.limits:RateLimitingMiddleware.factory
    
    [app:osapi_compute_app_v2]
    paste.app_factory = nova.api.openstack.compute:APIRouter.factory
    
    [pipeline:oscomputeversions]
    pipeline = faultwrap oscomputeversionapp
    
    [app:osapi_volume_app_v1]
    paste.app_factory = nova.api.openstack.volume:APIRouter.factory
    
    [app:oscomputeversionapp]
    paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
    
    [pipeline:osvolumeversions]
    pipeline = faultwrap osvolumeversionapp
    
    [app:osvolumeversionapp]
    paste.app_factory = nova.api.openstack.volume.versions:Versions.factory
    
    ##########
    # Shared #
    ##########
    
    [filter:keystonecontext]
    paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
    
    [filter:authtoken]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    service_protocol = http
    service_host = 60.12.206.105
    service_port = 5000
    auth_host = 60.12.206.105
    auth_port = 35357
    auth_protocol = http
    auth_uri = http://60.12.206.105:5000/
    admin_tenant_name = tenant
    admin_user = nova
    admin_password = service
  • 在/etc/nova建立policy.json作为NOVA服务策略文件,内容如下:
    {
        "admin_or_owner":  [["role:admin"], ["project_id:%(project_id)s"]],
        "default": [["rule:admin_or_owner"]],
    
        "compute:create": [],
        "compute:create:attach_network": [],
        "compute:create:attach_volume": [],
        "compute:get_all": [],
    
        "admin_api": [["role:admin"]],
        "compute_extension:accounts": [["rule:admin_api"]],
        "compute_extension:admin_actions": [["rule:admin_api"]],
        "compute_extension:admin_actions:pause": [["rule:admin_or_owner"]],
        "compute_extension:admin_actions:unpause": [["rule:admin_or_owner"]],
        "compute_extension:admin_actions:suspend": [["rule:admin_or_owner"]],
        "compute_extension:admin_actions:resume": [["rule:admin_or_owner"]],
        "compute_extension:admin_actions:lock": [["rule:admin_api"]],
        "compute_extension:admin_actions:unlock": [["rule:admin_api"]],
        "compute_extension:admin_actions:resetNetwork": [["rule:admin_api"]],
        "compute_extension:admin_actions:injectNetworkInfo": [["rule:admin_api"]],
        "compute_extension:admin_actions:createBackup": [["rule:admin_or_owner"]],
        "compute_extension:admin_actions:migrateLive": [["rule:admin_api"]],
        "compute_extension:admin_actions:migrate": [["rule:admin_api"]],
        "compute_extension:aggregates": [["rule:admin_api"]],
        "compute_extension:certificates": [],
        "compute_extension:cloudpipe": [["rule:admin_api"]],
        "compute_extension:console_output": [],
        "compute_extension:consoles": [],
        "compute_extension:createserverext": [],
        "compute_extension:deferred_delete": [],
        "compute_extension:disk_config": [],
        "compute_extension:extended_server_attributes": [["rule:admin_api"]],
        "compute_extension:extended_status": [],
        "compute_extension:flavorextradata": [],
        "compute_extension:flavorextraspecs": [],
        "compute_extension:flavormanage": [["rule:admin_api"]],
        "compute_extension:floating_ip_dns": [],
        "compute_extension:floating_ip_pools": [],
        "compute_extension:floating_ips": [],
        "compute_extension:hosts": [["rule:admin_api"]],
        "compute_extension:keypairs": [],
        "compute_extension:multinic": [],
        "compute_extension:networks": [["rule:admin_api"]],
        "compute_extension:quotas": [],
        "compute_extension:rescue": [],
        "compute_extension:security_groups": [],
        "compute_extension:server_action_list": [["rule:admin_api"]],
        "compute_extension:server_diagnostics": [["rule:admin_api"]],
        "compute_extension:simple_tenant_usage:show": [["rule:admin_or_owner"]],
        "compute_extension:simple_tenant_usage:list": [["rule:admin_api"]],
        "compute_extension:users": [["rule:admin_api"]],
        "compute_extension:virtual_interfaces": [],
        "compute_extension:virtual_storage_arrays": [],
        "compute_extension:volumes": [],
        "compute_extension:volumetypes": [],
    
        "volume:create": [],
        "volume:get_all": [],
        "volume:get_volume_metadata": [],
        "volume:get_snapshot": [],
        "volume:get_all_snapshots": [],
    
        "network:get_all_networks": [],
        "network:get_network": [],
        "network:delete_network": [],
        "network:disassociate_network": [],
        "network:get_vifs_by_instance": [],
        "network:allocate_for_instance": [],
        "network:deallocate_for_instance": [],
        "network:validate_networks": [],
        "network:get_instance_uuids_by_ip_filter": [],
    
        "network:get_floating_ip": [],
        "network:get_floating_ip_pools": [],
        "network:get_floating_ip_by_address": [],
        "network:get_floating_ips_by_project": [],
        "network:get_floating_ips_by_fixed_address": [],
        "network:allocate_floating_ip": [],
        "network:deallocate_floating_ip": [],
        "network:associate_floating_ip": [],
        "network:disassociate_floating_ip": [],
    
        "network:get_fixed_ip": [],
        "network:add_fixed_ip_to_instance": [],
        "network:remove_fixed_ip_from_instance": [],
        "network:add_network_to_project": [],
        "network:get_instance_nw_info": [],
    
        "network:get_dns_domains": [],
        "network:add_dns_entry": [],
        "network:modify_dns_entry": [],
        "network:delete_dns_entry": [],
        "network:get_dns_entries_by_address": [],
        "network:get_dns_entries_by_name": [],
        "network:create_private_dns_domain": [],
        "network:create_public_dns_domain": [],
        "network:delete_dns_domain": []
    }
  • 在/etc/init.d/下建立名为nova-api的NOVA-API服务启动脚本,内容如下:
    #!/bin/sh
    #
    # openstack-nova-api  OpenStack Nova API Server
    #
    # chkconfig:   - 20 80
    # description: At the heart of the cloud framework is an API Server. \
    #              This API Server makes command and control of the      \
    #              hypervisor, storage, and networking programmatically  \
    #              available to users in realization of the definition   \
    #              of cloud computing.
    
    ### BEGIN INIT INFO
    # Provides:
    # Required-Start: $remote_fs $network $syslog
    # Required-Stop: $remote_fs $syslog
    # Default-Stop: 0 1 6
    # Short-Description: OpenStack Nova API Server
    # Description: At the heart of the cloud framework is an API Server.
    #              This API Server makes command and control of the
    #              hypervisor, storage, and networking programmatically
    #              available to users in realization of the definition
    #              of cloud computing.
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    suffix=api
    prog=openstack-nova-$suffix
    exec="/usr/bin/nova-$suffix"
    config="/etc/nova/nova.conf"
    pidfile="/var/run/nova/nova-$suffix.pid"
    logfile="/var/log/nova/$suffix.log"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/nova/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user nova --pidfile $pidfile "$exec --config-file=$config --logfile=$logfile &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 在/etc/init.d/下建立名为nova-network的NOVA-NETWORK服务启动脚本,内容如下:
    #!/bin/sh
    #
    # openstack-nova-network  OpenStack Nova Network Controller
    #
    # chkconfig:   - 20 80
    # description: The Network Controller manages the networking resources \
    #              on host machines. The API server dispatches commands    \
    #              through the message queue, which are subsequently       \
    #              processed by Network Controllers.                       \
    #              Specific operations include:                            \
    #              * Allocate Fixed IP Addresses                           \
    #              * Configuring VLANs for projects                        \
    #              * Configuring networks for compute nodes                \
    
    ### BEGIN INIT INFO
    # Provides:
    # Required-Start: $remote_fs $network $syslog
    # Required-Stop: $remote_fs $syslog
    # Default-Stop: 0 1 6
    # Short-Description: OpenStack Nova Network Controller
    # Description: The Network Controller manages the networking resources
    #              on host machines. The API server dispatches commands
    #              through the message queue, which are subsequently
    #              processed by Network Controllers.
    #              Specific operations include:
    #              * Allocate Fixed IP Addresses
    #              * Configuring VLANs for projects
    #              * Configuring networks for compute nodes
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    suffix=network
    prog=openstack-nova-$suffix
    exec="/usr/bin/nova-$suffix"
    config="/etc/nova/nova.conf"
    pidfile="/var/run/nova/nova-$suffix.pid"
    logfile="/var/log/nova/$suffix.log"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/nova/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user nova --pidfile $pidfile "$exec --config-file=$config --logfile=$logfile &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 在/etc/init.d/下建立名为nova-objectstore的NOVA-OBJECTSTORE服务启动脚本,内容如下:
    #!/bin/sh
    #
    # openstack-nova-objectstore  OpenStack Nova Object Storage
    #
    # chkconfig:   - 20 80
    # description: Implementation of an S3-like storage server based on local files.
    
    ### BEGIN INIT INFO
    # Provides:
    # Required-Start: $remote_fs $network $syslog
    # Required-Stop: $remote_fs $syslog
    # Default-Stop: 0 1 6
    # Short-Description: OpenStack Nova Object Storage
    # Description: Implementation of an S3-like storage server based on local files.
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    suffix=objectstore
    prog=openstack-nova-$suffix
    exec="/usr/bin/nova-$suffix"
    config="/etc/nova/nova.conf"
    pidfile="/var/run/nova/nova-$suffix.pid"
    logfile="/var/log/nova/$suffix.log"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/nova/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user nova --pidfile $pidfile "$exec --config-file=$config --logfile=$logfile &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 在/etc/init.d/下建立名为nova-scheduler的NOVA-SCHEDULER服务启动脚本,内容如下:
    #!/bin/sh
    #
    # openstack-nova-scheduler  OpenStack Nova Scheduler
    #
    # chkconfig:   - 20 80
    # description: Determines which physical hardware to allocate to a virtual resource
    
    ### BEGIN INIT INFO
    # Provides:
    # Required-Start: $remote_fs $network $syslog
    # Required-Stop: $remote_fs $syslog
    # Default-Stop: 0 1 6
    # Short-Description: OpenStack Nova Scheduler
    # Description: Determines which physical hardware to allocate to a virtual resource
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    suffix=scheduler
    prog=openstack-nova-$suffix
    exec="/usr/bin/nova-$suffix"
    config="/etc/nova/nova.conf"
    pidfile="/var/run/nova/nova-$suffix.pid"
    logfile="/var/log/nova/$suffix.log"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/nova/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user nova --pidfile $pidfile "$exec --config-file=$config --logfile=$logfile &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 在/etc/init.d/下建立名为nova-volume的NOVA-VOLUME服务启动脚本,内容如下:
    #!/bin/sh
    #
    # openstack-nova-volume  OpenStack Nova Volume Worker
    #
    # chkconfig:   - 20 80
    # description:  Volume Workers interact with iSCSI storage to manage    \
    #               LVM-based instance volumes. Specific functions include: \
    #               * Create Volumes                                        \
    #               * Delete Volumes                                        \
    #               * Establish Compute volumes
    
    ### BEGIN INIT INFO
    # Provides:
    # Required-Start: $remote_fs $network $syslog
    # Required-Stop: $remote_fs $syslog
    # Default-Stop: 0 1 6
    # Short-Description: OpenStack Nova Volume Worker
    # Description:  Volume Workers interact with iSCSI storage to manage
    #               LVM-based instance volumes. Specific functions include:
    #               * Create Volumes
    #               * Delete Volumes
    #               * Establish Compute volumes
    ### END INIT INFO
    
    . /etc/rc.d/init.d/functions
    
    suffix=volume
    prog=openstack-nova-$suffix
    exec="/usr/bin/nova-$suffix"
    config="/etc/nova/nova.conf"
    pidfile="/var/run/nova/nova-$suffix.pid"
    logfile="/var/log/nova/$suffix.log"
    
    [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
    
    lockfile=/var/lock/nova/$prog
    
    start() {
        [ -x $exec ] || exit 5
        [ -f $config ] || exit 6
        echo -n $"Starting $prog: "
        daemon --user nova --pidfile $pidfile "$exec --config-file=$config --logfile=$logfile &>/dev/null & echo \$! > $pidfile"
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        echo -n $"Stopping $prog: "
        killproc -p $pidfile $prog
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    reload() {
        restart
    }
    
    force_reload() {
        restart
    }
    
    rh_status() {
        status -p $pidfile $prog
    }
    
    rh_status_q() {
        rh_status >/dev/null 2>&1
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
            exit 2
    esac
    exit $?
  • 配置启动脚本:
    chmod 755 /etc/init.d/nova-api
    chmod 755 /etc/init.d/nova-network
    chmod 755 /etc/init.d/nova-objectstore
    chmod 755 /etc/init.d/nova-scheduler
    chmod 755 /etc/init.d/nova-volume
    mkdir /var/run/nova
    mkdir -p /var/lib/nova/instances
    mkdir /var/lock/nova
    chown nova:root /var/run/nova
    chown -R nova:nova /var/lib/nova
    chown nova:root /var/lock/nova
  • 配置sudo
    在/etc/sudoers.d/建立nova文件,内容如下:

    Defaults:nova !requiretty
    Cmnd_Alias NOVACMDS = /bin/aoe-stat,                            \
                          /bin/chmod,                               \
                          /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \
                          /bin/chown,                               \
                          /bin/chown /var/lib/nova/tmp/*/root/.ssh, \
                          /bin/dd,                                  \
                          /bin/kill,                                \
                          /bin/mkdir,                               \
                          /bin/mount,                               \
                          /bin/umount,                              \
                          /sbin/aoe-discover,                       \
                          /sbin/ifconfig,                           \
                          /sbin/ip,                                 \
                          /sbin/ip6tables-restore,                  \
                          /sbin/ip6tables-save,                     \
                          /sbin/iptables,                           \
                          /sbin/iptables-restore,                   \
                          /sbin/iptables-save,                      \
                          /sbin/iscsiadm,                           \
                          /sbin/kpartx,                             \
                          /sbin/losetup,                            \
                          /sbin/lvcreate,                           \
                          /sbin/lvdisplay,                          \
                          /sbin/lvremove,                           \
                          /sbin/pvcreate,                           \
                          /sbin/route,                              \
                          /sbin/tune2fs,                            \
                          /sbin/vconfig,                            \
                          /sbin/vgcreate,                           \
                          /sbin/vgs,                                \
                          /usr/bin/fusermount,                      \
                          /usr/bin/guestmount,                      \
                          /usr/bin/socat,                           \
                          /bin/cat,                           \
                          /usr/bin/tee,                             \
                          /usr/bin/qemu-nbd,                        \
                          /usr/bin/virsh,                           \
                          /usr/sbin/brctl,                          \
                          /usr/sbin/dnsmasq,                        \
                          /usr/sbin/ietadm,                         \
                          /usr/sbin/radvd,                          \
                          /usr/sbin/tgtadm,                         \
                          /usr/sbin/vblade-persist
    
    nova ALL = (root) NOPASSWD: SETENV: NOVACMDS
    chmod 0440 /etc/sudoers.d/nova
  • 配置polkit策略在/etc/polkit-1/localauthority/50-local.d/建立50-nova.pkla,内容如下:
    [Allow nova libvirt management permissions]
    Identity=unix-user:nova
    Action=org.libvirt.unix.manage
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes
  • 建立NOVA服务数据库结构
    nova-manage db sync
  • 安装iscsitargetwget http://sourceforge.net/projects/iscsitarget/files/iscsitarget/1.4.20.2/iscsitarget-1.4.20.2.tar.gz/download -P /opt
    cd /opt
    tar xf iscsitarget-1.4.20.2.tar.gz
    cd iscsitarget-1.4.20.2
    make
    make install
    /etc/init.d/iscsi-target startnetstat -ltnp 查看是否有tcp 3260端口监听
  • 建立nova-volumes卷
    fdisk /dev/sdb
    n
    p
    1
    两次回车
    t
    83
    w
    mkfs.ext4 /dev/sdb1
    vgcreate nova-volumes /dev/sdb1
  • 启动NOVA相关服务
    /etc/init.d/nova-api start
    /etc/init.d/nova-network start
    /etc/init.d/nova-objectstore start
    /etc/init.d/nova-scheduler start
    /etc/init.d/nova-volume start
  • 检测服务是否正常启动通过netstat -ltunp查看是否有tcp 3333、8773、8774、8775、8776端口监听
    如果没有正常启动请查看/var/log/nova目录下相关文件排错

3.17 SWIFT对象存储服务配置

  • 建立SWIFT服务配置文件存放目录
    mkdir /etc/swift
  • 建立SWIFT服务启动用户
    useradd -s /sbin/nologin -m -d /var/log/swift swift
  • 格式化硬盘及挂载
    yum -y install xfsprogs
    mkfs.xfs -f -i size=1024 /dev/sdc
    mkfs.xfs -f -i size=1024 /dev/sdd
    mkdir -p /swift/drivers/sd{c,d}
    mount -t xfs -o noatime,nodiratime,nobarrier,logbufs=8 /dev/sdc /swift/drivers/sdc
    mount -t xfs -o noatime,nodiratime,nobarrier,logbufs=8 /dev/sdd /swift/drivers/sdd
    echo -e '/dev/sdc\t/swift/drivers/sdc\txfs\tnoatime,nodiratime,nobarrier,logbufs=8\t0 0' >>/etc/fstab
    echo -e '/dev/sdd\t/swift/drivers/sdd\txfs\tnoatime,nodiratime,nobarrier,logbufs=8\t0 0' >>/etc/fstab
  • swift同步相关配置
    mkdir -p /swift/node/sd{c,d}
    ln -sv /swift/drivers/sdc /swift/node/sdc
    ln -sv /swift/drivers/sdd /swift/node/sdd

    在/etc下建立rsyncd.conf文件,内容如下:

    uid = swift
    gid = swift
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    address = 192.168.1.2
    
    [account5000]
    max connections = 50
    path = /swift/node/sdc
    read only = false
    lock file = /var/lock/account5000.lock
    
    [account5001]
    max connections = 50
    path = /swift/node/sdd
    read only = false
    lock file = /var/lock/account5001.lock
    
    [container4000]
    max connections = 50
    path = /swift/node/sdc
    read only = false
    lock file = /var/lock/container4000.lock
    
    [container4000]
    max connections = 50
    path = /swift/node/sdd
    read only = false
    lock file = /var/lock/container4001.lock
    
    [object3000]
    max connections = 50
    path = /swift/node/sdc
    read only = false
    lock file = /var/lock/object3000.lock
    
    [object3001]
    max connections = 50
    path = /swift/node/sdd
    read only = false
    lock file = /var/lock/object3001.lock
    yum -y install xinetd
    sed -i '/disable/s#yes#no#g' /etc/xinetd.d/rsync
    /etc/init.d/xinetd start
    mkdir -p /etc/swift/{object,container,account}-server

    在/etc/swift下建立swift.conf文件,内容如下:

    [swift-hash]
    swift_hash_path_suffix = changeme

    在/etc/swift下建立proxy-server.conf文件,内容如下:

    [DEFAULT]
    bind_port = 8080
    user = swift
    swift_dir = /etc/swift
    workers = 8
    log_name = swift
    log_facility = LOG_LOCAL1
    log_level = DEBUG
    
    [pipeline:main]
    pipeline = healthcheck cache swift3 s3token authtoken keystone proxy-server
    
    [app:proxy-server]
    use = egg:swift#proxy
    allow_account_management = true
    account_autocreate = true
    
    [filter:keystone]
    paste.filter_factory = keystone.middleware.swift_auth:filter_factory
    operator_roles = Member,admin,SwiftOperator
    
    # NOTE(chmou): s3token middleware is not updated yet to use only
    # username and password.
    [filter:s3token]
    paste.filter_factory = keystone.middleware.s3_token:filter_factory
    service_port = 60.12.206.105
    service_host = 5000
    auth_host = 60.12.206.105
    auth_port = 35357
    auth_protocol = http
    auth_token = ADMIN
    admin_token = ADMIN
    
    [filter:authtoken]
    paste.filter_factory = keystone.middleware.auth_token:filter_factory
    auth_host = 60.12.206.105
    auth_port = 35357
    auth_protocol = http
    auth_uri = http://60.12.206.105:5000/
    admin_tenant_name = tenant
    admin_user = swift
    admin_password = service
    
    [filter:swift3]
    use = egg:swift#swift3
    
    [filter:healthcheck]
    use = egg:swift#healthcheck
    
    [filter:cache]
    use = egg:swift#memcache

    在/etc/swift/account-server下建立sdc.conf和sdd.conf文件,内容如下:

    –——————sdc.conf--------------------
    [DEFAULT]
    devices = /swift/node/sdc
    mount_check = false
    bind_port = 5000
    user = swift
    log_facility = LOG_LOCAL0
    swift_dir = /etc/swift
    
    [pipeline:main]
    pipeline = account-server
    
    [app:account-server]
    use = egg:swift#account
    
    [account-replicator]
    vm_test_mode = yes
    
    [account-auditor]
    
    [account-reaper]
    
    –——————sdd.conf--------------------
    [DEFAULT]
    devices = /swift/node/sdd
    mount_check = false
    bind_port = 5001
    user = swift
    log_facility = LOG_LOCAL0
    swift_dir = /etc/swift
    
    [pipeline:main]
    pipeline = account-server
    
    [app:account-server]
    use = egg:swift#account
    
    [account-replicator]
    vm_test_mode = yes
    
    [account-auditor]
    
    [account-reaper]

    在/etc/swift/container-server下建立sdc.conf和sdd.conf文件,内容如下:

    --------------------sdc.conf--------------------
    [DEFAULT]
    devices = /swift/node/sdc
    mount_check = false
    bind_port = 4000
    user = swift
    log_facility = LOG_LOCAL0
    swift_dir = /etc/swift
    
    [pipeline:main]
    pipeline = container-server
    
    [app:container-server]
    use = egg:swift#container
    
    [container-replicator]
    vm_test_mode = yes
    
    [container-updater]
    
    [container-auditor]
    
    [container-sync]
    
    --------------------sdd.conf--------------------
    [DEFAULT]
    devices = /swift/node/sdd
    mount_check = false
    bind_port = 4001
    user = swift
    log_facility = LOG_LOCAL0
    swift_dir = /etc/swift
    
    [pipeline:main]
    pipeline = container-server
    
    [app:container-server]
    use = egg:swift#container
    
    [container-replicator]
    vm_test_mode = yes
    
    [container-updater]
    
    [container-auditor]
    
    [container-sync]

    在/etc/swift/object-server下建立sdc.conf和sdd.conf文件,内容如下:

    --------------------sdc.conf--------------------
    [DEFAULT]
    devices = /swift/node/sdc
    mount_check = false
    bind_port = 3000
    user = swift
    log_facility = LOG_LOCAL0
    swift_dir = /etc/swift
    
    [pipeline:main]
    pipeline = object-server
    
    [app:object-server]
    use = egg:swift#object
    
    [object-replicator]
    vm_test_mode = yes
    
    [object-updater]
    
    [object-auditor]
    
    [object-expirer]
    
    --------------------sdd.conf--------------------
    [DEFAULT]
    devices = /swift/node/sdd
    mount_check = false
    bind_port = 3001
    user = swift
    log_facility = LOG_LOCAL0
    swift_dir = /etc/swift
    
    [pipeline:main]
    pipeline = object-server
    
    [app:object-server]
    use = egg:swift#object
    
    [object-replicator]
    vm_test_mode = yes
    
    [object-updater]
    
    [object-auditor]
    
    [object-expirer]
  • 建立ring
    cd /etc/swift
    swift-ring-builder account.builder create 8 2 1
    swift-ring-builder account.builder add z1-60.12.206.105:5000/sdc 1
    swift-ring-builder account.builder add z2-60.12.206.105:5001/sdd 1
    swift-ring-builder account.builder rebalance
    
    swift-ring-builder container.builder create 8 2 1
    swift-ring-builder container.builder add z1-60.12.206.105:4000/sdc 1
    swift-ring-builder container.builder add z2-60.12.206.105:4001/sdd 1
    swift-ring-builder container.builder rebalance
    
    swift-ring-builder object.builder create 8 2 1
    swift-ring-builder object.builder add z1-60.12.206.105:3000/sdc 1
    swift-ring-builder object.builder add z2-60.12.206.105:3001/sdd 1
    swift-ring-builder object.builder rebalance
  • 设置权限
    chown -R swift:swift /swift
  • 建立各服务启动脚本在/etc/swift下建立functions文件,内容如下:
    . /etc/rc.d/init.d/functions
    
    swift_action() {
      retval=0
      server="$1"
      call="swift_$2"
    
      if [[ -f "/etc/swift/$server-server.conf" ]]; then
        $call "$server" \
              "/etc/swift/$server-server.conf" \
              "/var/run/swift/$server-server.pid"
        [ $? -ne 0 ] && retval=1
      elif [[ -d "/etc/swift/$server-server/" ]]; then
        declare -i count=0
        for name in $( ls "/etc/swift/$server-server/" ); do
          $call "$server" \
                "/etc/swift/$server-server/$name" \
                "/var/run/swift/$server-server/$count.pid"
          [ $? -ne 0 ] && retval=1
          count=$count+1
        done
      fi
      return $retval
    }
    
    swift_start() {
      name="$1"
      long_name="$name-server"
      conf_file="$2"
      pid_file="$3"
    
      ulimit -n ${SWIFT_MAX_FILES-32768}
      echo -n "Starting swift-$long_name: "
      daemon --pidfile $pid_file \
        "/usr/bin/swift-$long_name $conf_file &>/var/log/swift-startup.log & echo \$! > $pid_file"
      retval=$?
      echo
      return $retval
    }
    
    swift_stop() {
      name="$1"
      long_name="$name-server"
      conf_name="$2"
      pid_file="$3"
    
      echo -n "Stopping swift-$long_name: "
      killproc -p $pid_file -d ${SWIFT_STOP_DELAY-15} $long_name
      retval=$?
      echo
      return $retval
    }
    
    swift_status() {
      name="$1"
      long_name="$name-server"
      conf_name="$2"
      pid_file="$3"
    
      status -p $pid_file $long_name
    }

    在/etc/init.d下建立swift-proxy文件,内容如下:

    #!/bin/sh
    
    ### BEGIN INIT INFO
    # Provides:          openstack-swift-proxy
    # Required-Start:    $remote_fs
    # Required-Stop:     $remote_fs
    # Default-Stop:      0 1 6
    # Short-Description: Swift proxy server
    # Description:       Account server for swift.
    ### END INIT INFO
    
    # openstack-swift-proxy: swift proxy server
    #
    # chkconfig: - 20 80
    # description: Proxy server for swift.
    
    . /etc/rc.d/init.d/functions
    . /etc/swift/functions
    
    name="proxy"
    
    [ -e "/etc/sysconfig/openstack-swift-$name" ] && . "/etc/sysconfig/openstack-swift-$name"
    
    lockfile="/var/lock/swift/openstack-swift-proxy"
    
    start() {
        swift_action "$name" start
        retval=$?
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        swift_action "$name" stop
        retval=$?
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    rh_status() {
        swift_action "$name" status
    }
    
    rh_status_q() {
        rh_status &> /dev/null
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
            exit 2
    esac
    exit $?

    在/etc/init.d下建立swift-account文件,内容如下:

    #!/bin/sh
    
    ### BEGIN INIT INFO
    # Provides:          openstack-swift-account
    # Required-Start:    $remote_fs
    # Required-Stop:     $remote_fs
    # Default-Stop:      0 1 6
    # Short-Description: Swift account server
    # Description:       Account server for swift.
    ### END INIT INFO
    
    # openstack-swift-account: swift account server
    #
    # chkconfig: - 20 80
    # description: Account server for swift.
    
    . /etc/rc.d/init.d/functions
    . /etc/swift/functions
    
    name="account"
    
    [ -e "/etc/sysconfig/openstack-swift-$name" ] && . "/etc/sysconfig/openstack-swift-$name"
    
    lockfile="/var/lock/swift/openstack-swift-account"
    
    start() {
        swift_action "$name" start
        retval=$?
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        swift_action "$name" stop
        retval=$?
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    rh_status() {
        swift_action "$name" status
    }
    
    rh_status_q() {
        rh_status &> /dev/null
    }
    
    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart)
            $1
            ;;
        reload)
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart}"
            exit 2
    esac
    exit $?
  • 在/etc/init.d下建立swift-container文件,内容如下:
    #!/bin/sh
    
    ### BEGIN INIT INFO
    # Provides:          openstack-swift-container
    # Required-Start:    $remote_fs
    # Required-Stop:     $remote_fs
    # Default-Stop:      0 1 6
    # Short-Description: Swift container server
    # Description:       Container server for swift.
    ### END INIT INFO
    
    # openstack-swift-container: swift container server
    #
    # chkconfig: - 20 80
    # description: Container server for swift.
    
    . /etc/rc.d/init.d/functions
    . /etc/swift/functions
    
    name="container"
    
    [ -e "/etc/sysconfig/openstack-swift-$name" ] && . "/etc/sysconfig/openstack-swift-$name"
    
    lockfile="/var/lock/swift/openstack-swift-container"
    
    start() {
        swift_action "$name" start
        retval=$?
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }
    
    stop() {
        swift_action "$name" stop
        retval=$?
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }
    
    restart() {
        stop
        start
    }
    
    rh_status() {
        swift_action "$name" status
    }
    
    rh_status_q() {
        rh_status &> /dev/null
    }
    
    case "$1" in
        start)