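Without further ado, let's look at the architecture diagram first:
Network topology diagram
Below is the basic setup of the three machines:
Chapter 1
Controller node:
All of the following steps are performed on the controller node (as root):
1. Services on the controller node
The controller node provides the following services: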
• Databases (with MySQL)
• Queues (with RabbitMQ)
• Keystone
• Glance
• Nova (without nova-compute)
• Cinder
• Quantum Server (with Open-vSwitch plugin)
• Dashboard (with Horizon)
2 Detailed setup
2.1 Preliminary setup
2.1.1 Set the hostname:
Empty /etc/hostname, then add cloud
2.1.2 Add the Ubuntu Cloud Archive
apt-get install ubuntu-cloud-keyring
2.1.3 Create the source list used by the cloud archive, /etc/apt/sources.list.d/cloud-archive.list:
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/cloud-archive.list
2.1.4 Update the system:
sudo apt-get update && apt-get upgrade
2.1.5 Configure the network:
File /etc/network/interfaces; empty it and set it as follows:
# Internal Network
auto eth0
iface eth0 inet static
# this address can be chosen freely
address 10.10.10.10
netmask 255.255.255.0
# External Network
auto eth1
iface eth1 inet static
# the IP shown when you run ifconfig as root on your own machine
address 10.0.0.10
netmask 255.255.255.0
gateway 10.0.0.1
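# the same on every machine (yours, mine, everyone's); a machine that cannot get online may simply be missing this setting
dns-nameservers 8.8.8.8
2.1.6 I have not figured out exactly what this step does; to be added later:
File /etc/sysctl.conf; find and change the following parameters: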
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
2.1.7 Restart networking:
service networking restart
(This prints "unknown instance", but the network does restart; /etc/init.d/networking restart can be used instead.)
2.1.8 Apply the sysctl settings:
sysctl -e -p /etc/sysctl.conf
2.1.9 Edit /etc/hosts:
127.0.0.1 localhost
10.10.10.10 cloud
10.10.10.9 network
10.10.10.11 c01
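2.1.10 Install the ntp package
This time server will serve all nodes. The clocks of all OpenStack components must be synchronized, so we install the NTP service on Server1 and have the other servers or nodes synchronize with it.
apt-get install -y ntp
Restart it after installation: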
service ntp restart
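2.2 Install the database
2.2.1 Install MySQL
This step asks you to set the MySQL password; be sure to set one!
apt-get install -y python-mysqldb mysql-server
2.2.2 Change the bind address from 127.0.0.1 to 0.0.0.0 so that all IPs can reach the controller node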
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
2.2.3 Restart the service
service mysql restart
2.2.4 Create the databases:
First log in to mysql:
mysql -u root -pPASSWORD
(PASSWORD is the MySQL password, written immediately after -p)
Then run the following commands in order:
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE quantum;
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'10.10.10.9' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'10.10.10.11' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
Run \q to save and exit mysql
2.3 Install the RabbitMQ service
2.3.1 Install the package:
apt-get install -y rabbitmq-server
2.3.2 Change the default password:
rabbitmqctl change_password guest password
(replace password here with the password you want to set)
2.4 Identity service (the Keystone module)
2.4.1 Install the packages:
apt-get install -y keystone python-keystone python-keystoneclient
2.4.2 Edit /etc/keystone/keystone.conf; find the corresponding options and set them as follows:
[DEFAULT]
admin_token = password
debug = True
verbose = True
[sql]
connection = mysql://keystone:password@localhost/keystone
2.4.3 Restart the keystone service and sync the database
service keystone restart
keystone-manage db_sync
Note
If there are errors, check /var/log/keystone/keystone.log.
2.4.4 Create a file named openrc that holds the environment variables, with the following content:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export OS_SERVICE_TOKEN=password
Load the variables above:
source openrc
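Add these variables to the shell environment so that they are loaded automatically at startup:
echo "source openrc" >> ~/.bashrc
2.4.5 Create some initial data for keystone
The bash script below creates some initial data in keystone for later use. Create a file, paste the script into it, and run it (~/filename). It creates the following data:
Two projects: admin, services
Two roles: admin, Member
Six users: admin, demo, nova, glance, quantum, cinder
Six services: compute, volume, image, identity, ec2, network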
#!/bin/bash
# Modify these variables as needed
ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
DEMO_PASSWORD=${DEMO_PASSWORD:-$ADMIN_PASSWORD}
export OS_SERVICE_TOKEN="password"
export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
#
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=localhost
MYSQL_PASSWORD=password
#
KEYSTONE_REGION=RegionOne
KEYSTONE_HOST=10.10.10.10
# Shortcut function to get a newly generated ID
function get_field() {
    while read data; do
        if [ "$1" -lt 0 ]; then
            field="(\$(NF$1))"
        else
            field="\$$(($1 + 1))"
        fi
        echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
    done
}
# Tenants
ADMIN_TENANT=$(keystone tenant-create --name=admin | grep " id " | get_field 2)
DEMO_TENANT=$(keystone tenant-create --name=demo | grep " id " | get_field 2)
SERVICE_TENANT=$(keystone tenant-create --name=$SERVICE_TENANT_NAME | grep " id " | get_field 2)
# Users
ADMIN_USER=$(keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com | grep " id " | get_field 2)
DEMO_USER=$(keystone user-create --name=demo --pass="$DEMO_PASSWORD" --email=demo@domain.com --tenant-id=$DEMO_TENANT | grep " id " | get_field 2)
NOVA_USER=$(keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=nova@domain.com | grep " id " | get_field 2)
GLANCE_USER=$(keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=glance@domain.com | grep " id " | get_field 2)
QUANTUM_USER=$(keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=quantum@domain.com | grep " id " | get_field 2)
CINDER_USER=$(keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT --email=cinder@domain.com | grep " id " | get_field 2)
# Roles
ADMIN_ROLE=$(keystone role-create --name=admin | grep " id " | get_field 2)
MEMBER_ROLE=$(keystone role-create --name=Member | grep " id " | get_field 2)
# Add Roles to Users in Tenants
keystone user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id $ADMIN_ROLE
keystone user-role-add --tenant-id $DEMO_TENANT --user-id $DEMO_USER --role-id $MEMBER_ROLE
# Create services
COMPUTE_SERVICE=$(keystone service-create --name nova --type compute --description 'OpenStack Compute Service' | grep " id " | get_field 2)
VOLUME_SERVICE=$(keystone service-create --name cinder --type volume --description 'OpenStack Volume Service' | grep " id " | get_field 2)
IMAGE_SERVICE=$(keystone service-create --name glance --type image --description 'OpenStack Image Service' | grep " id " | get_field 2)
IDENTITY_SERVICE=$(keystone service-create --name keystone --type identity --description 'OpenStack Identity' | grep " id " | get_field 2)
EC2_SERVICE=$(keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service' | grep " id " | get_field 2)
NETWORK_SERVICE=$(keystone service-create --name quantum --type network --description 'OpenStack Networking service' | grep " id " | get_field 2)
# Create endpoints
keystone endpoint-create --region $KEYSTONE_REGION --service-id $COMPUTE_SERVICE \
    --publicurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' \
    --adminurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s' \
    --internalurl 'http://'"$KEYSTONE_HOST"':8774/v2/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $VOLUME_SERVICE \
    --publicurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' \
    --adminurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s' \
    --internalurl 'http://'"$KEYSTONE_HOST"':8776/v1/$(tenant_id)s'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IMAGE_SERVICE \
    --publicurl 'http://'"$KEYSTONE_HOST"':9292' \
    --adminurl 'http://'"$KEYSTONE_HOST"':9292' \
    --internalurl 'http://'"$KEYSTONE_HOST"':9292'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $IDENTITY_SERVICE \
    --publicurl 'http://'"$KEYSTONE_HOST"':5000/v2.0' \
    --adminurl 'http://'"$KEYSTONE_HOST"':35357/v2.0' \
    --internalurl 'http://'"$KEYSTONE_HOST"':5000/v2.0'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $EC2_SERVICE \
    --publicurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud' \
    --adminurl 'http://'"$KEYSTONE_HOST"':8773/services/Admin' \
    --internalurl 'http://'"$KEYSTONE_HOST"':8773/services/Cloud'
keystone endpoint-create --region $KEYSTONE_REGION --service-id $NETWORK_SERVICE \
    --publicurl 'http://'"$KEYSTONE_HOST"':9696/' \
    --adminurl 'http://'"$KEYSTONE_HOST"':9696/' \
    --internalurl 'http://'"$KEYSTONE_HOST"':9696/'
Note:
If an error occurs during this process, you can run the following commands to empty the keystone database and then run the bash script above again:
mysql -u root -p -e "drop database keystone"
mysql -u root -p -e "create database keystone"
mysql -u root -p -e "grant all privileges on keystone.* TO 'keystone'@'localhost' identified by 'password'"
keystone-manage db_sync
2.5 Image service (Glance)
2.5.1 Install the package:
apt-get install glance
2.5.2 Configuration files:
a. In /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf, find and change the following variables:
[DEFAULT]
sql_connection = mysql://glance:password@localhost/glance
[keystone_authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = password
[paste_deploy]
flavor=keystone
b. Restart the services:
service glance-api restart && service glance-registry restart
c. Sync the database:
glance-manage db_sync
d. Download and create the Ubuntu image (the file is large; downloading this image is not recommended):
wget http://uec-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
glance image-create --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu" < precise-server-cloudimg-amd64-disk1.img
Download and create the CirrOS image:
wget http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
glance image-create --is-public true --disk-format qcow2 --container-format bare --name "CirrOS 0.3.1" < cirros-0.3.1-x86_64-disk.img
e. Check that the images were created successfully:
glance image-list
+--------------------------------------+--------------+-------------+------------------+-----------+--------+
| ID                                   | Name         | Disk Format | Container Format | Size      | Status |
+--------------------------------------+--------------+-------------+------------------+-----------+--------+
| acafc7c0-40aa-4026-9673-b879898e1fc2 | CirrOS 0.3.1 | qcow2       | bare             | 13147648  | active |
| 62f9278e-a26e-4fa0-9537-1eb503aa2f01 | Ubuntu       | qcow2       | bare             | 253755392 | active |
+--------------------------------------+--------------+-------------+------------------+-----------+--------+
2.6 Compute service (Nova)
2.6.1 Install the packages:
apt-get install -y nova-api nova-cert nova-common nova-conductor nova-scheduler python-nova python-novaclient nova-consoleauth novnc nova-novncproxy
2.6.2 Configure Nova:
Edit /etc/nova/api-paste.ini:
admin_tenant_name = service
admin_user = nova
admin_password = password
Add the following parameters to /etc/nova/nova.conf, keeping the existing ones:
[DEFAULT]
sql_connection=mysql://nova:password@localhost/nova
my_ip=10.10.10.10
rabbit_password=password
auth_strategy=keystone
# Networking
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.10.10.10:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=password
quantum_admin_auth_url=http://10.10.10.10:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
# Security Groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
# Metadata
quantum_metadata_proxy_shared_secret=password
service_quantum_metadata_proxy=true
metadata_listen = 10.10.10.10
metadata_listen_port = 8775
# Cinder
volume_api_class=nova.volume.cinder.API
# Glance
glance_api_servers=10.10.10.10:9292
image_service=nova.image.glance.GlanceImageService
# novnc
novnc_enable=true
novncproxy_port=6080
novncproxy_host=10.0.0.10
vncserver_listen=0.0.0.0
2.6.3 Sync the database:
nova-manage db sync
2.6.4 Restart the services
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-novncproxy restart
2.7 Block storage service (Cinder)
2.7.1 Install the packages:
apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms python-cinderclient linux-headers-`uname -r`
2.7.2 Configure and start the services:
sed -i 's/false/true/g' /etc/default/iscsitarget
service iscsitarget start
service open-iscsi start
2.7.3 Configure Cinder:
Edit /etc/cinder/cinder.conf; find and change the following parameters:
[DEFAULT]
sql_connection = mysql://cinder:password@localhost/cinder
rabbit_password = password
Edit /etc/cinder/api-paste.ini; find and change the following parameters:
admin_tenant_name = service
admin_user = cinder
admin_password = password
2.7.4 Create the LVM physical volume and logical volume:
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
2.7.5 Sync the database:
cinder-manage db sync
2.7.6 Restart the services
service cinder-api restart
service cinder-scheduler restart
service cinder-volume restart
2.8 Networking service (Quantum)
2.8.1 Install the package:
apt-get install -y quantum-server
2.8.2 Configure Quantum:
Edit /etc/quantum/quantum.conf; find and set the following parameters:
[DEFAULT]
verbose = True
rabbit_password = password
[keystone_authtoken]
admin_tenant_name = service
admin_user = quantum
admin_password = password
Edit /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini; find and set the following parameters:
[DATABASE]
sql_connection = mysql://quantum:password@localhost/quantum
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 10.10.10.10
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
2.8.3 Enable the OVS plugin:
ln -s /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini /etc/quantum/plugin.ini
2.8.4 Restart the service:
service quantum-server restart
2.9 Install the UI module (the Dashboard service)
2.9.1 Install the packages:
apt-get install -y openstack-dashboard memcached python-memcache
It is recommended to remove the Ubuntu theme package; otherwise some features will not be displayed:
apt-get remove --purge openstack-dashboard-ubuntu-theme
You can now access http://10.10.10.10/horizon. Log in with the account admin and the password password, or with the account demo and the password password.
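Every secret configured in this chapter is the literal value password, keystone runs with debug = True, and MySQL and the VNC server listen on 0.0.0.0. The following is an added example, not part of the original guide: a small audit function that flags those settings in the configuration files edited above. The function name, the sample files and the secret values in them are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the guide: flag the placeholder settings that this
# guide writes into the service configuration files.
# audit_conf FILE...  prints "file:line: finding" and returns 1 on any finding.
audit_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; found = 1 }
    {
        line = trim($0)
        first = substr(line, 1, 1)
        eq = index(line, "=")
        # skip blank lines, comments, section headers and lines without "="
        if (first == "" || first == "#" || first == "[" || eq == 0) next
        key = trim(substr(line, 1, eq - 1))
        val = trim(substr(line, eq + 1))
        if (key ~ /(password|admin_token|shared_secret)$/ && val == "password")
            report(key " is still the placeholder value")
        if (key ~ /connection$/ && val ~ /^mysql:\/\/[^:]+:password@/)
            report(key " embeds the placeholder database password")
        if (key == "debug" && tolower(val) == "true")
            report("debug logging is enabled")
        if ((key == "bind-address" || key == "vncserver_listen") && val == "0.0.0.0")
            report(key " listens on every interface")
    }
    END { exit found + 0 }
    ' "$@"
}

# Constructed sample files that mirror settings from this guide.
AUDIT_DEMO=$(mktemp -d)
cat > "$AUDIT_DEMO/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = password
debug = True
verbose = True
[sql]
connection = mysql://keystone:password@localhost/keystone
EOF
cat > "$AUDIT_DEMO/nova.conf" <<'EOF'
[DEFAULT]
rabbit_password=password
quantum_metadata_proxy_shared_secret=password
vncserver_listen=0.0.0.0
EOF
cat > "$AUDIT_DEMO/my.cnf" <<'EOF'
[mysqld]
bind-address = 0.0.0.0
EOF
# Constructed "after" file: unique secrets, debug off, MySQL on the internal address.
cat > "$AUDIT_DEMO/hardened.conf" <<'EOF'
[DEFAULT]
admin_token = 3f9a61c07be24d58a1c2
debug = False
[mysqld]
bind-address = 10.10.10.10
[sql]
connection = mysql://keystone:b7e04d19c6a3f582@localhost/keystone
EOF

audit_conf "$AUDIT_DEMO/keystone.conf" "$AUDIT_DEMO/nova.conf" "$AUDIT_DEMO/my.cnf" \
    || echo "placeholder settings found"
audit_conf "$AUDIT_DEMO/hardened.conf" && echo "hardened.conf: clean"
```

On a real node, pass the files under /etc/keystone, /etc/glance, /etc/nova, /etc/cinder, /etc/quantum and /etc/mysql/my.cnf instead of the sample files.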
Chapter 2
Network node:
All of the following steps are performed on the network node as root:
1. Services provided by the network node:
Virtual Bridging (Open-vSwitch + Quantum Agent) with tunneling
DHCP Server (Quantum DHCP Agent)
Virtual Routing (Quantum L3 Agent)
2 Detailed setup
2.1 Preliminary setup
2.1.1 Set the hostname:
Empty /etc/hostname, then add network
2.1.2 Add the Ubuntu Cloud Archive
apt-get install ubuntu-cloud-keyring
2.1.3 Create the source list used by the cloud archive, /etc/apt/sources.list.d/cloud-archive.list:
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/cloud-archive.list
2.1.4 Update the system:
sudo apt-get update && apt-get upgrade
2.1.5 Configure the network:
File /etc/network/interfaces; empty it and set it as follows:
# Internal Network
auto eth0
iface eth0 inet static
address 10.10.10.9
netmask 255.255.255.0
# External Network
auto eth1
iface eth1 inet static
# the IP shown when you run ifconfig as root on your own machine
address 10.0.0.9
netmask 255.255.255.0
gateway 10.0.0.1
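# the same on every machine (yours, mine, everyone's); a machine that cannot get online may simply be missing this setting
dns-nameservers 8.8.8.8
2.1.6 I have not figured out exactly what this step does; to be added later:
File /etc/sysctl.conf; find and change the following parameters: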
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
2.1.7 Restart networking:
service networking restart
(This prints "unknown instance", but the network does restart; /etc/init.d/networking restart can be used instead.)
2.1.8 Apply the sysctl settings:
sysctl -e -p /etc/sysctl.conf
2.1.9 Edit /etc/hosts:
127.0.0.1 localhost
10.10.10.10 cloud
10.10.10.9 network
10.10.10.11 c01
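2.1.10 Install the ntp package
This time server will serve all nodes. The clocks of all OpenStack components must be synchronized, so we install the NTP service on Server1 and have the other servers or nodes synchronize with it.
apt-get install -y ntp
Restart it after installation: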
service ntp restart
2.2 Install Open vSwitch
2.2.1 Install the packages:
apt-get install quantum-plugin-openvswitch-agent quantum-dhcp-agent quantum-l3-agent
2.2.2 Check /etc/quantum/rootwrap.conf and make sure the sudoers file is consistent with root_helper in /etc/quantum/quantum.conf
2.2.3 Start Open vSwitch
service openvswitch-switch start
2.2.4 Create the bridges for the internal and external networks.
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth1
ovs-vsctl add-br br-int
2.2.5 Configure the bridges as follows:
a. Change eth1 in /etc/network/interfaces as follows:
auto eth1
iface eth1 inet manual
up ip address add 0/0 dev $IFACE
up ip link set $IFACE up
down ip link set $IFACE down
b. Add br-ex to /etc/network/interfaces as follows:
auto br-ex
iface br-ex inet static
address 10.0.0.9
netmask 255.255.255.0
gateway 10.0.0.1
c. Remove the IP from eth1 and add it to br-ex:
ip addr del 10.0.0.9/24 dev eth1
ip addr add 10.0.0.9/24 dev br-ex
d. Restart networking:
service networking restart
2.2.6 Create a NAT service so that virtual machines can reach the external network through the network node:
iptables -A FORWARD -i eth1 -o br-ex -s 10.10.10.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -s 10.10.10.0/24 -t nat -j MASQUERADE
Note:
The rules above are lost as soon as the machine reboots; you will need to find a separate solution for that.
2.3 Configure the networking service
2.3.1 Edit /etc/quantum/quantum.conf; find and change the following parameters:
[DEFAULT]
verbose = True
rabbit_password = password
rabbit_host = 10.10.10.10
[keystone_authtoken]
auth_host = 10.10.10.10
admin_tenant_name = service
admin_user = quantum
admin_password = password
2.3.2 Edit /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini; find and change the following parameters:
[database]
sql_connection = mysql://quantum:password@10.10.10.10/quantum
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 10.10.10.9
[securitygroup]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
2.3.3 Edit /etc/quantum/dhcp_agent.ini; find and change the following parameters:
[DEFAULT]
enable_isolated_metadata = True
enable_metadata_network = True
2.3.4 Edit /etc/quantum/metadata_agent.ini; find and change the following parameters:
[DEFAULT]
auth_url = http://10.10.10.10:35357/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = quantum
admin_password = password
nova_metadata_ip = 10.10.10.10
metadata_proxy_shared_secret = password
2.3.5 Restart the services:
service quantum-plugin-openvswitch-agent start
service quantum-dhcp-agent restart
service quantum-metadata-agent restart
service quantum-l3-agent restart
2.4 Virtual networks
2.4.1.1 To create the virtual networks, first create an openrc file with the following content:
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL="http://10.10.10.10:5000/v2.0/"
export SERVICE_ENDPOINT="http://10.10.10.10:35357/v2.0"
export SERVICE_TOKEN=password
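2.4.1.2 Load it:
source openrc
2.4.1.3 Add it to the shell environment so that it takes effect automatically at startup:
echo "source openrc" >> ~/.bashrc
2.4.2 The bash script below creates an internal network for the demo project: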
#!/bin/bash
TENANT_NAME="demo"
TENANT_NETWORK_NAME="demo-net"
TENANT_SUBNET_NAME="${TENANT_NETWORK_NAME}-subnet"
TENANT_ROUTER_NAME="demo-router"
FIXED_RANGE="10.5.5.0/24"
NETWORK_GATEWAY="10.5.5.1"
TENANT_ID=$(keystone tenant-list | grep " $TENANT_NAME " | awk '{print $2}')
TENANT_NET_ID=$(quantum net-create --tenant_id $TENANT_ID $TENANT_NETWORK_NAME --provider:network_type gre --provider:segmentation_id 1 | grep " id " | awk '{print $4}')
TENANT_SUBNET_ID=$(quantum subnet-create --tenant_id $TENANT_ID --ip_version 4 --name $TENANT_SUBNET_NAME $TENANT_NET_ID $FIXED_RANGE --gateway $NETWORK_GATEWAY --dns_nameservers list=true 8.8.8.8 | grep " id " | awk '{print $4}')
ROUTER_ID=$(quantum router-create --tenant_id $TENANT_ID $TENANT_ROUTER_NAME | grep " id " | awk '{print $4}')
quantum router-interface-add $ROUTER_ID $TENANT_SUBNET_ID
2.4.3 Create the external network:
quantum net-create public --router:external=True
2.4.3.1 Create a subnet for the external network:
quantum subnet-create --ip_version 4 --gateway 10.0.0.1 public 10.0.0.0/24 --allocation-pool start=10.0.0.200,end=10.0.0.250 --disable-dhcp --name public-subnet
2.4.3.2 Set the gateway of the demo router to the public network:
quantum router-gateway-set demo-router public
Chapter 3
Compute node:
All of the following steps are performed on the compute node as root:
1 The compute node provides the following services:
Hypervisor (KVM)
nova-compute
Quantum OVS Agent
2 Detailed setup
2.1 Preliminary setup
2.1.1 Set the hostname:
Empty /etc/hostname, then add c01
2.1.2 Add the Ubuntu Cloud Archive
apt-get install ubuntu-cloud-keyring
2.1.3 Create the source list used by the cloud archive, /etc/apt/sources.list.d/cloud-archive.list:
echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main >> /etc/apt/sources.list.d/cloud-archive.list
2.1.4 Update the system:
sudo apt-get update && apt-get upgrade
2.1.5 Configure the network:
File /etc/network/interfaces; empty it and set it as follows:
# Internal Network
auto eth0
iface eth0 inet static
address 10.10.10.11
netmask 255.255.255.0
gateway 10.10.10.9
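# the same on every machine (yours, mine, everyone's); a machine that cannot get online may simply be missing this setting
dns-nameservers 8.8.8.8
2.1.6 I have not figured out exactly what this step does; to be added later:
File /etc/sysctl.conf; find and change the following parameters: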
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
2.1.7 Restart networking:
service networking restart
(This prints "unknown instance", but the network does restart; /etc/init.d/networking restart can be used instead.)
2.1.8 Apply the sysctl settings:
sysctl -e -p /etc/sysctl.conf
2.1.9 Edit /etc/hosts:
127.0.0.1 localhost
10.10.10.10 cloud
10.10.10.9 network
10.10.10.11 c01
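2.1.10 Install the ntp package
This time server will serve all nodes. The clocks of all OpenStack components must be synchronized, so we install the NTP service on Server1 and have the other servers or nodes synchronize with it.
apt-get install -y ntp
Restart it after installation: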
service ntp restart
2.2 Compute service (Nova)
2.2.1 Install the package:
apt-get install nova-compute-kvm
2.2.2 Configure Nova:
Edit /etc/nova/api-paste.ini; find and change the following parameters:
[filter:authtoken]
auth_host = 10.10.10.10
admin_tenant_name = service
admin_user = nova
admin_password = password
Edit /etc/nova/nova.conf; find and change the following parameters:
[DEFAULT]
# General
verbose=True
my_ip=10.10.10.11
rabbit_host=10.10.10.10
rabbit_password=password
auth_strategy=keystone
ec2_host=10.10.10.10
ec2_url=http://10.10.10.10:8773/services/Cloud
# Networking
libvirt_use_virtio_for_bridges=True
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://10.10.10.10:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=password
quantum_admin_auth_url=http://10.10.10.10:35357/v2.0
# Security Groups
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=quantum
# Compute
compute_driver=libvirt.LibvirtDriver
connection_type=libvirt
# Cinder
volume_api_class=nova.volume.cinder.API
# Glance
glance_api_servers=10.10.10.10:9292
image_service=nova.image.glance.GlanceImageService
# novnc
vnc_enabled=true
vncserver_proxyclient_address=10.10.10.11
novncproxy_base_url=http://10.0.0.10:6080/vnc_auto.html
vncserver_listen=0.0.0.0
2.2.3 Restart the nova service:
service nova-compute restart
2.3 Install Open vSwitch
2.3.1 Install the package:
apt-get install -y openvswitch-switch
2.3.2 Start the service
service openvswitch-switch start
2.3.3 Create the internal bridge
ovs-vsctl add-br br-int
2.4 Install Quantum
2.4.1 Install the package:
apt-get install -y quantum-plugin-openvswitch-agent
2.4.2 Edit /etc/quantum/quantum.conf; find and change the following parameters:
[DEFAULT]
rabbit_host = 10.10.10.10
rabbit_password = password
verbose = True
2.4.3 Edit /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini; find and change the following parameters:
[DATABASE]
sql_connection = mysql://quantum:password@10.10.10.10/quantum
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
local_ip = 10.10.10.11
enable_tunneling = True
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
2.4.4 Restart the service:
service quantum-plugin-openvswitch-agent restart