参考陈沙克的文档:http://www.chenshake.com/ubuntu-12-04-openstack-essex-installation-single-node/
修改了其中数据库不能授权问题,优化了更新源,膜拜沙克老大
nova-network使用FlatDHCP+Multihost模式,每个服务器装两块网卡。eth0用于public network和manage network,eth1用于vm network。
节点名 角色 eth0 eth1 运行的服务
control-01 控制节点 10.50.9.240 keystone、glance、cinder、nova-api、nova-scheduler
compute-01 计算节点 10.50.9.241 nova-compute、nova-network、nova-api-metadata
compute-02 计算节点 10.50.9.242 nova-compute、nova-network、nova-api-metadata
compute-03 计算节点 10.50.9.243 nova-compute、nova-network、nova-api-metadata
使用的是 ubuntu-12.04.1-server-amd64
最小化安装,只需要安装ssh server就可以。
设置网络
Eth0: 10.50.9.240
Eth1: 不需要设置IP
编辑 /etc/network/interfaces,
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
#不同服务器有不同的IP地址
address 10.50.9.240
netmask 255.255.255.0
gateway 10.50.9.254
dns-nameservers 8.8.8.8
auto eth1
iface eth1 inet manual
up ifconfig eth1 up
查看当前网卡情况
# mii-tool
eth0: negotiated 1000baseT-FD flow-control, link ok
eth1: negotiated 1000baseT-FD flow-control, link ok
修改/etc/hostname(不同节点的hostname不一样) :
#cat /etc/hostname
control
修改/etc/hosts,添加上:
10.50.9.240 control
10.50.9.241 compute-01
10.50.9.242 compute-02
10.50.9.243 compute-03
10.50.9.244 compute-04
#######
/etc/init.d/networking restart
源
###################################################################
wget http://mirrors.163.com/.help/sources.list.precise
mv /etc/apt/sources.list /etc/apt/sources.list_copy
mv sources.list.precise /etc/apt/sources.list
#cat /etc/apt/sources.list_copy >> /etc/apt/sources.list
###################
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
apt-get update
apt-get upgrade
NTP服务器
对于单节点来说,NTP服务器,并不是必须的。如果是多台机器的环境。就需要设置所有的节点,都吧ntp服务指向相同的一个ntp服务器上。
apt-get -y install ntp
sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
service ntp restart
设置ISCSI (可选)
如果你不测试nova volume,可以不安装
apt-get -y install tgt lvm2
##nova-compute节点,需要安装ISCSI客户端
##apt-get install -y open-iscsi open-iscsi-utils
Nova-volume (可选)
我安装系统的时候,创建了一个nova-volume的分区,我先umount,再创建一个volume,名字为nova-volumes。
nova的默认使用的volume的名字就是叫 nova-volumes. 如果你希望改变,就需要指定在nova.conf 文件里。
查看分区情况
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda8 623G 941M 591G 1% /
udev 2.0G 4.0K 2.0G 1% /dev
tmpfs 790M 276K 789M 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 2.0G 0 2.0G 0% /run/shm
/dev/sda1 138M 30M 101M 23% /boot
/dev/sda7 97G 188M 92G 1% /nova-volume
/dev/sda6 97G 188M 92G 1% /swift
创建nova-volumes 卷
###umount /dev/sda6
pvcreate /dev/sda6
vgcreate nova-volumes /dev/sda6
###sed -i '/nova-volume/s/^/#/' /etc/fstab
Bridge
目前Openstack的网络是通过linux的bridge和iptables来实现的。
apt-get -y install bridge-utils
重启网络
/etc/init.d/networking restart
RabbitMQ和Memcache 等
RabbitMQ是用来做调度使用。Memcache是给Dashboard使用。
apt-get install -y rabbitmq-server memcached python-memcache kvm libvirt-bin curl
环境变量
运行完下面的命令,你再对novarc进行修改。
cat >/root/novarc <<EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export FIXED_RANGE=10.0.0.0/24
export FLOATING_RANGE=$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":" | awk -F "." '{print $1"."$2"."$3}').224/27
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=$(openssl rand -hex 10)
export MASTER="$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF
根据你的需求进行调整,
我的novarc的内容
# cat novarc
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export FIXED_RANGE=10.0.0.0/24
export FLOATING_RANGE=10.1.199.224/27
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=d5d892e6de00a922f9fb
export MASTER="10.50.9.240"
确认没有问题或者进行修改,运行
source novarc
echo "source novarc">>.bashrc
MYSQL
应用数据库 数据库用户 密码
mysql root password
nova nova password
glance glance password
keystone keystone password
apt-get install -y mysql-server python-mysqldb
配置
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
重启mysql服务
service mysql restart
创建相关数据库(@后面换成自己的机器的主机名)
mysql -uroot -p$MYSQL_PASS <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'control' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-01' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-02' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-03' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-04' IDENTIFIED BY 'password';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'control' IDENTIFIED BY 'password';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'control' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EOF
############
Keystone
Keystone是Openstack的核心,所有的组件,都需要通过keystone进行认证和授权。
租户(tenant) 用户 密码
admin admin password
service nova password
glance password
安装
apt-get install -y keystone python-keystone python-keystoneclient
配置
编辑/etc/keystone/keystone.conf,需要修改
直接使用下面命令进行修改。
sed -i -e " s/admin_token = ADMIN/admin_token = $SERVICE_TOKEN/g" /etc/keystone/keystone.conf
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"keystone"':'"$MYSQL_PASS"'@'"$MASTER"'/keystone|g}' /etc/keystone/keystone.conf
重启服务
service keystone restart
同步keystone数据库
keystone-manage db_sync
keystone_data.sh导入用户信息
endpoints.sh 设置endpoint
wget http://www.chenshake.com/wp-content/uploads/2012/07/keystone_data.sh_.txt
mv keystone_data.sh_.txt keystone_data.sh
bash keystone_data.sh
没任何输出,就表示正确,可以通过下面命令检查
echo $?
显示0,就表示脚本正确运行,千万不要重复运行脚本。
Endpoint 导入
wget http://www.chenshake.com/wp-content/uploads/2012/07/endpoints.sh_.txt
mv endpoints.sh_.txt endpoints.sh
bash endpoints.sh
测试
可以使用curl命令来测试。
命令的格式如下
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":
{"username": "adminUser", "password": "secretword"}}}' -H "Content-type:
application/json" http://IP:35357/v2.0/tokens | python -mjson.tool
你需要替换一下。
curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "password"}}}' -H "Content-type:application/json" http://$MASTER:35357/v2.0/tokens | python -mjson.tool
你就可以获得一个24小时的token。(注意,上面的脚本没有创建demo用户,所以没法用demo账号去测试)
"token": {
"expires": "2012-09-27T02:09:37Z",
"id": "c719448800214e189da04772c2f75e23",
"tenant": {
"description": null,
"enabled": true,
"id": "dc7ca2e51139457dada2d0f7a3719476",
"name": "admin"
}
通过下面命令,可以检查keystone的设置是否正确。
root@node17:~# keystone user-list
+----------------------------------+---------+----------------------+--------+
| id | enabled | email | name |
+----------------------------------+---------+----------------------+--------+
| 1189d15892d24e00827e707bd2b7ab07 | True | admin@chenshake.com | admin |
| cca4a4ed1e8842db99239dc98fb1617f | True | glance@chenshake.com | glance |
| daccc34eacc7493989cd13df93e7f6bc | True | swift@chenshake.com | swift |
| ee57b02c535d44f48943de13831da232 | True | nova@chenshake.com | nova |
+----------------------------------+---------+----------------------+--------+
root@node17:~# keystone endpoint-list
+----------------------------------+-----------+-----------------------------------------------+-----------------------------------------------+------------------------------------------+
| id | region | publicurl | internalurl | adminurl |
+----------------------------------+-----------+-----------------------------------------------+-----------------------------------------------+------------------------------------------+
| 0b04e1baac1a4c9fb07490e0911192cf | RegionOne | http://10.50.9.240:5000/v2.0 | http://10.50.9.240:5000/v2.0 | http://10.50.9.240:35357/v2.0 |
| 0d3315627d52419fa08095f9def5d7e4 | RegionOne | http://10.50.9.240:8776/v1/%(tenant_id)s | http://10.50.9.240:8776/v1/%(tenant_id)s | http://10.50.9.240:8776/v1/%(tenant_id)s |
| 1c92290cba9f4a278b42dbdf2802096c | RegionOne | http://10.50.9.240:9292/v1 | http://10.50.9.240:9292/v1 | http://10.50.9.240:9292/v1 |
| 56fe83ce20f341d99fc576770c275586 | RegionOne | http://10.50.9.240:8774/v2/%(tenant_id)s | http://10.50.9.240:8774/v2/%(tenant_id)s | http://10.50.9.240:8774/v2/%(tenant_id)s |
| 5fb51aae00684e56818869918f86b564 | RegionOne | http://10.50.9.240:8080/v1/AUTH_%(tenant_id)s | http://10.50.9.240:8080/v1/AUTH_%(tenant_id)s | http://10.50.9.240:8080/v1 |
| aaac7663872d493b85d9e583329be9ed | RegionOne | http://10.50.9.240:8773/services/Cloud | http://10.50.9.240:8773/services/Cloud | http://10.50.9.240:8773/services/Admin |
+----------------------------------+-----------+-----------------------------------------------+-----------------------------------------------+------------------------------------------+
可以使用下面命令来查看结果
keystone tenant-list
keystone user-list
keystone role-list
Glance
Glance是提供镜像管理服务,可以理解成一个中间件,后面的存储可以是本地存储,也可以使用swift存储。
安装
apt-get install -y glance glance-api glance-client glance-common glance-registry python-glance
配置
编辑 /etc/glance/glance-api-paste.ini,/etc/glance/glance-registry-paste.ini,两个文件,都是修改文档最后3行
直接运行下面两条命令,实现修改
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/glance/glance-api-paste.ini
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/glance/glance-registry-paste.ini
编辑/etc/glance/glance-registry.conf,改成使用mysql验证
运行下面命令实现修改
sed -i '/sql_connection = .*/{s|sqlite:///.*|mysql://'"glance"':'"$MYSQL_PASS"'@'"$MASTER"'/glance|g}' /etc/glance/glance-registry.conf
编辑/etc/glance/glance-registry.conf 和 /etc/glance/glance-api.conf,都在文件末尾添加两行
运行下面命令,完成修改
cat <<EOF >>/etc/glance/glance-api.conf
[paste_deploy]
flavor = keystone
EOF
cat <<EOF >>/etc/glance/glance-registry.conf
[paste_deploy]
flavor = keystone
EOF
重启glance服务
service glance-api restart && service glance-registry restart
同步glance数据库
# glance-manage version_control 0
# glance-manage db_sync
/usr/lib/python2.7/dist-packages/glance/registry/db/migrate_repo/versions/003_add_disk_format.py:47:
SADeprecationWarning: useexisting is deprecated. Use extend_existing.
useexisting=True)
看到下面的输出,表示正常的。
重启glance服务
service glance-api restart && service glance-registry restart
测试
glance index
没有输出,表示正常,因为目前还没有镜像。
wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
glance add name=cirros-0.3.0-x86_64 is_public=true container_format=bare disk_format=qcow2 < /root/cirros-0.3.0-x86_64-disk.img
wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < /root/precise-server-cloudimg-amd64-disk1.img
# glance index
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
5dcf84a0-b491-4710-8d7a-5531bce0dedc cirros-0.3.0-x86_64 qcow2 bare 9761280
f4f62d8a-3e5b-4136-8547-ce3cb79771aa Ubuntu 12.04 cloudimg amd64 qcow2 ovf 230817792
Nova
安装
apt-get install -y nova-api nova-cert nova-common nova-objectstore nova-scheduler nova-volume nova-consoleauth novnc python-nova python-novaclient nova-compute-kvm nova-network
nova-compute
配置
编辑 /etc/nova/api-paste.ini , 修改末尾3行
运行下面命令进行修改
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/nova/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/nova/api-paste.ini
编辑/etc/nova/nova.conf 文件,
为了简单,大家直接copy下面内容,运行就可以。
虚拟机里安装,需要吧 libvirt_type=kvm 改成 ibvirt_type=qemu
cat >/etc/nova/nova.conf <<EOF
[DEFAULT]
###### LOGS/STATE
#verbose=True
verbose=False
###### AUTHENTICATION
auth_strategy=keystone
###### SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_driver=nova.scheduler.simple.SimpleScheduler
###### VOLUMES
volume_group=nova-volumes
volume_name_template=volume-%08x
iscsi_helper=tgtadm
###### DATABASE
sql_connection=mysql://nova:$MYSQL_PASS@$MASTER/nova
###### COMPUTE
libvirt_type=kvm
#libvirt_type=qemu
connection_type=libvirt
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
allow_resize_to_same_host=True
libvirt_use_virtio_for_bridges=true
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true
###### APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
allow_admin_api=true
s3_host=$MASTER
cc_host=$MASTER
###### RABBITMQ
rabbit_host=$MASTER
###### GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=$MASTER:9292
###### NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=eth0
flat_interface=eth1
flat_network_bridge=br100
fixed_range=$FIXED_RANGE
multi_host=true
###### NOVNC CONSOLE
novnc_enabled=true
novncproxy_base_url= http://$MASTER:6080/vnc_auto.html
vncserver_proxyclient_address=$MASTER
vncserver_listen=$MASTER
########Nova
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
#####MISC
use_deprecated_auth=false
root_helper=sudo nova-rootwrap
EOF
设置目录权限
chown -R nova:nova /etc/nova
重启所有服务
service rabbitmq-server restart
service libvirt-bin restart
service nova-scheduler restart
service nova-network restart
service nova-cert restart
service nova-compute restart
service nova-api restart
service nova-objectstore restart
service nova-volume restart
由于服务数量比较多,创建一个脚本 restart.sh 来重启所有服务。
#!/bin/bash
for a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \
nova-api nova-objectstore nova-scheduler nova-volume \
novnc nova-consoleauth; do service "$a" stop; done
for a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \
nova-api nova-objectstore nova-scheduler nova-volume \
novnc nova-consoleauth; do service "$a" start; done
运行脚本
bash restart.sh
Stopping rabbitmq-server: rabbitmq-server.
libvirt-bin stop/waiting
nova-network stop/waiting
nova-cert stop/waiting
nova-compute stop/waiting
nova-api stop/waiting
nova-objectstore stop/waiting
nova-scheduler stop/waiting
nova-volume stop/waiting
* Stopping OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth stop/waiting
Starting rabbitmq-server: SUCCESS
rabbitmq-server.
libvirt-bin start/running, process 9683
nova-network start/running, process 9703
nova-cert start/running, process 9713
nova-compute start/running, process 9724
nova-api start/running, process 9734
nova-objectstore start/running, process 9744
nova-scheduler start/running, process 9759
nova-volume start/running, process 9775
* Starting OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth start/running, process 9839
同步数据库
nova-manage db sync
会有一堆的输出,不过应该是没问题的。nova数据库里已经有相应的表,就表示正确。
# nova-manage db sync
2012-07-19 18:43:34 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:639: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated. Use event.listen().
Pool.__init__(self, creator, **kw)
2012-07-19 18:43:34 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:145: SADeprecationWarning: Pool.add_listener is deprecated. Use event.listen()
self.add_listener(l)
2012-07-19 18:43:34 AUDIT nova.db.sqlalchemy.fix_dns_domains [-] Applying database fix for Essex dns_domains table.
创建Fix IP
FIX IP,就是分配给虚拟机的实际IP地址。这些数据都会写入数据库。$FIXED_RANGE 在novarc里设置。
nova-manage network create private --fixed_range_v4=$FIXED_RANGE --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=256 --multi_host=T
创建floating IP
所谓Floating IP,是亚马逊EC2的定义。简单说,就是公网的IP。他其实是通过类似防火墙类似,做一个映射。实际上是通过iptables来实现映射.
nova-manage floating create --ip_range=$FLOATING_RANGE
重启nova服务
bash restart.sh
libvirt-bin stop/waiting
nova-network stop/waiting
nova-cert stop/waiting
nova-compute stop/waiting
nova-api stop/waiting
nova-objectstore stop/waiting
nova-scheduler stop/waiting
nova-volume stop/waiting
* Stopping OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth stop/waiting
libvirt-bin start/running, process 23232
nova-network start/running, process 23252
nova-cert start/running, process 23262
nova-compute start/running, process 23273
nova-api start/running, process 23285
nova-objectstore start/running, process 23303
nova-scheduler start/running, process 23321
nova-volume start/running, process 23336
* Starting OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth start/running, process 23386
nova-manage service list
nova-manage
下面命令可以参考,详细的命令使用,
nova list
nova image-list
nova floating-ip-create
nova flavor-list
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-list
nova secgroup-list-rules default
命令行创建虚拟机的过程
nova keypair-add oskey > oskey.priv
chmod 600 oskey.priv
nova flavor-list
nova image-list
nova boot --flavor 2 --key_name oskey --image ea3ffba1-065e-483f-bfe2-c84184ee76be test1
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
这个时候,你在服务器上可以直接ssh到虚拟机上,ubuntu的虚拟机,用户是ubuntu。虚拟机的Ip
# nova list
+--------------------------------------+-------+--------+------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------+--------+------------------+
| 61e93d62-c926-46fa-8e0c-48073b7e58b0 | test1 | ACTIVE | private=10.0.0.2 |
| 6976e539-32d9-48a6-9fb5-28a3cdb55f71 | test2 | ACTIVE | private=10.0.0.4 |
+--------------------------------------+-------+--------+------------------+
在服务器上直接ssh到虚拟机,如果你在远程,就需要分配floating IP。
ssh -i oskey.priv ubuntu@10.0.0.4
登陆虚拟机后,你可以查看一下路由
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.3 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
显示网关是10.0.0.3,这个时候,你看一下
root@node07:~# ifconfig
br100 Link encap:Ethernet HWaddr 00:e0:81:d8:4a:23
inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::ccfc:5aff:fef5:4345/64 Scope:Link
结合上面的那个图,应该可以很好的帮助你的理解。如果你安装多节点,就更容易深入理解。
需要注意的是:br100的IP,需要你创建第一个虚拟机,他才会获得IP.
Dashobard
apt-get install -y apache2 libapache2-mod-wsgi openstack-dashboard
restart nova-api
http://10.50.9.240
user:admin
pass:password
Swift
由于swift的文档比较长,所以单独一个文档
http://www.chenshake.com/swift-single-version/
附录
理解project和user关系
上面需要注意的一个地方,就是 project的含义。以前的版本是tenant,租户意思,基本可以理解成企业。
你可以创建用户,用户属于一个project。创建用户的时候,就需要设置密码。
创建虚拟机
下面的流程,是复制我以前的文档,内容是没问题的。
1:设置安全组 Security group
安全组,其实就是虚拟机前面的防护墙。默认是关闭所有的包。需要打开防护墙。为了简单,我们把default的防护墙,端口全部打开。生产环境就不要这样操作。默认是default规则,直接修改default就可以。默认default,是阻止所有的访问。
安全组设置
2:创建密钥
为了安全考虑,ubuntu提供的模板,都是采用密钥登录。简单点说,你创建一对公钥和私钥。私钥下载到本地保存,公钥存放在服务器上,创建虚拟机的时候,会把公钥注入到虚拟机里。
这个时候,你如果有私钥,就可以直接登录。
下载私钥
点击create keypair,就会提示你下载私钥。私钥是pem后缀。
3:创建vm
创建vm的时候,你会选择keypair,安全组。
创建完成后,得到其实是一个内网IP
4:floating IP
给虚拟机分配一个 floating IP,可以理解成是公网的IP
关联vm
需要等待大概1分钟,才能看到关联后的结果
修改了其中数据库不能授权问题,优化了更新源,膜拜沙克老大
nova-network使用FlatDHCP+Multihost模式,每个服务器装两块网卡。eth0用于public network和manage network,eth1用于vm network。
节点名 角色 eth0 eth1 运行的服务
control-01 控制节点 10.50.9.240 keystone、glance、cinder、nova-api、nova-scheduler
compute-01 计算节点 10.50.9.241 nova-compute、nova-network、nova-api-metadata
compute-02 计算节点 10.50.9.242 nova-compute、nova-network、nova-api-metadata
compute-03 计算节点 10.50.9.243 nova-compute、nova-network、nova-api-metadata
使用的是 ubuntu-12.04.1-server-amd64
最小化安装,只需要安装ssh server就可以。
设置网络
Eth0: 10.50.9.240
Eth1: 不需要设置IP
编辑 /etc/network/interfaces,
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
#不同服务器有不同的IP地址
address 10.50.9.240
netmask 255.255.255.0
gateway 10.50.9.254
dns-nameservers 8.8.8.8
auto eth1
iface eth1 inet manual
up ifconfig eth1 up
查看当前网卡情况
# mii-tool
eth0: negotiated 1000baseT-FD flow-control, link ok
eth1: negotiated 1000baseT-FD flow-control, link ok
修改/etc/hostname(不同节点的hostname不一样) :
#cat /etc/hostname
control
修改/etc/hosts,添加上:
10.50.9.240 control
10.50.9.241 compute-01
10.50.9.242 compute-02
10.50.9.243 compute-03
10.50.9.244 compute-04
#######
/etc/init.d/networking restart
源
###################################################################
wget http://mirrors.163.com/.help/sources.list.precise
mv /etc/apt/sources.list /etc/apt/sources.list_copy
mv sources.list.precise /etc/apt/sources.list
#cat /etc/apt/sources.list_copy >> /etc/apt/sources.list
###################
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA
apt-get update
apt-get upgrade
NTP服务器
对于单节点来说,NTP服务器,并不是必须的。如果是多台机器的环境。就需要设置所有的节点,都吧ntp服务指向相同的一个ntp服务器上。
apt-get -y install ntp
sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
service ntp restart
设置ISCSI (可选)
如果你不测试nova volume,可以不安装
apt-get -y install tgt lvm2
##nova-compute节点,需要安装ISCSI客户端
##apt-get install -y open-iscsi open-iscsi-utils
Nova-volume (可选)
我安装系统的时候,创建了一个nova-volume的分区,我先umount,再创建一个volume,名字为nova-volumes。
nova的默认使用的volume的名字就是叫 nova-volumes. 如果你希望改变,就需要指定在nova.conf 文件里。
查看分区情况
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda8 623G 941M 591G 1% /
udev 2.0G 4.0K 2.0G 1% /dev
tmpfs 790M 276K 789M 1% /run
none 5.0M 0 5.0M 0% /run/lock
none 2.0G 0 2.0G 0% /run/shm
/dev/sda1 138M 30M 101M 23% /boot
/dev/sda7 97G 188M 92G 1% /nova-volume
/dev/sda6 97G 188M 92G 1% /swift
创建nova-volumes 卷
###umount /dev/sda6
pvcreate /dev/sda6
vgcreate nova-volumes /dev/sda6
###sed -i '/nova-volume/s/^/#/' /etc/fstab
Bridge
目前Openstack的网络是通过linux的bridge和iptables来实现的。
apt-get -y install bridge-utils
重启网络
/etc/init.d/networking restart
RabbitMQ和Memcache 等
RabbitMQ是用来做调度使用。Memcache是给Dashboard使用。
apt-get install -y rabbitmq-server memcached python-memcache kvm libvirt-bin curl
环境变量
运行完下面的命令,你再对novarc进行修改。
cat >/root/novarc <<EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export FIXED_RANGE=10.0.0.0/24
export FLOATING_RANGE=$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":" | awk -F "." '{print $1"."$2"."$3}').224/27
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=$(openssl rand -hex 10)
export MASTER="$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF
根据你的需求进行调整,
我的novarc的内容
# cat novarc
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export FIXED_RANGE=10.0.0.0/24
export FLOATING_RANGE=10.1.199.224/27
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=d5d892e6de00a922f9fb
export MASTER="10.50.9.240"
确认没有问题或者进行修改,运行
source novarc
echo "source novarc">>.bashrc
MYSQL
应用数据库 数据库用户 密码
mysql root password
nova nova password
glance glance password
keystone keystone password
apt-get install -y mysql-server python-mysqldb
配置
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
重启mysql服务
service mysql restart
创建相关数据库(@后面换成自己的机器的主机名)
mysql -uroot -p$MYSQL_PASS <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'control' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-01' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-02' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-03' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'compute-04' IDENTIFIED BY 'password';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'control' IDENTIFIED BY 'password';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'control' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EOF
############
Keystone
Keystone是Openstack的核心,所有的组件,都需要通过keystone进行认证和授权。
租户(tenant) 用户 密码
admin admin password
service nova password
glance password
安装
apt-get install -y keystone python-keystone python-keystoneclient
配置
编辑/etc/keystone/keystone.conf,需要修改
直接使用下面命令进行修改。
sed -i -e " s/admin_token = ADMIN/admin_token = $SERVICE_TOKEN/g" /etc/keystone/keystone.conf
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"keystone"':'"$MYSQL_PASS"'@'"$MASTER"'/keystone|g}' /etc/keystone/keystone.conf
重启服务
service keystone restart
同步keystone数据库
keystone-manage db_sync
keystone_data.sh导入用户信息
endpoints.sh 设置endpoint
wget http://www.chenshake.com/wp-content/uploads/2012/07/keystone_data.sh_.txt
mv keystone_data.sh_.txt keystone_data.sh
bash keystone_data.sh
没任何输出,就表示正确,可以通过下面命令检查
echo $?
显示0,就表示脚本正确运行,千万不要重复运行脚本。
Endpoint 导入
wget http://www.chenshake.com/wp-content/uploads/2012/07/endpoints.sh_.txt
mv endpoints.sh_.txt endpoints.sh
bash endpoints.sh
测试
可以使用curl命令来测试。
命令的格式如下
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":
{"username": "adminUser", "password": "secretword"}}}' -H "Content-type:
application/json" http://IP:35357/v2.0/tokens | python -mjson.tool
你需要替换一下。
curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "password"}}}' -H "Content-type:application/json" http://$MASTER:35357/v2.0/tokens | python -mjson.tool
你就可以获得一个24小时的token。(注意,上面的脚本没有创建demo用户,所以没法用demo账号去测试)
"token": {
"expires": "2012-09-27T02:09:37Z",
"id": "c719448800214e189da04772c2f75e23",
"tenant": {
"description": null,
"enabled": true,
"id": "dc7ca2e51139457dada2d0f7a3719476",
"name": "admin"
}
通过下面命令,可以检查keystone的设置是否正确。
root@node17:~# keystone user-list
+----------------------------------+---------+----------------------+--------+
| id | enabled | email | name |
+----------------------------------+---------+----------------------+--------+
| 1189d15892d24e00827e707bd2b7ab07 | True | admin@chenshake.com | admin |
| cca4a4ed1e8842db99239dc98fb1617f | True | glance@chenshake.com | glance |
| daccc34eacc7493989cd13df93e7f6bc | True | swift@chenshake.com | swift |
| ee57b02c535d44f48943de13831da232 | True | nova@chenshake.com | nova |
+----------------------------------+---------+----------------------+--------+
root@node17:~# keystone endpoint-list
+----------------------------------+-----------+-----------------------------------------------+-----------------------------------------------+------------------------------------------+
| id | region | publicurl | internalurl | adminurl |
+----------------------------------+-----------+-----------------------------------------------+-----------------------------------------------+------------------------------------------+
| 0b04e1baac1a4c9fb07490e0911192cf | RegionOne | http://10.50.9.240:5000/v2.0 | http://10.50.9.240:5000/v2.0 | http://10.50.9.240:35357/v2.0 |
| 0d3315627d52419fa08095f9def5d7e4 | RegionOne | http://10.50.9.240:8776/v1/%(tenant_id)s | http://10.50.9.240:8776/v1/%(tenant_id)s | http://10.50.9.240:8776/v1/%(tenant_id)s |
| 1c92290cba9f4a278b42dbdf2802096c | RegionOne | http://10.50.9.240:9292/v1 | http://10.50.9.240:9292/v1 | http://10.50.9.240:9292/v1 |
| 56fe83ce20f341d99fc576770c275586 | RegionOne | http://10.50.9.240:8774/v2/%(tenant_id)s | http://10.50.9.240:8774/v2/%(tenant_id)s | http://10.50.9.240:8774/v2/%(tenant_id)s |
| 5fb51aae00684e56818869918f86b564 | RegionOne | http://10.50.9.240:8080/v1/AUTH_%(tenant_id)s | http://10.50.9.240:8080/v1/AUTH_%(tenant_id)s | http://10.50.9.240:8080/v1 |
| aaac7663872d493b85d9e583329be9ed | RegionOne | http://10.50.9.240:8773/services/Cloud | http://10.50.9.240:8773/services/Cloud | http://10.50.9.240:8773/services/Admin |
+----------------------------------+-----------+-----------------------------------------------+-----------------------------------------------+------------------------------------------+
可以使用下面命令来查看结果
keystone tenant-list
keystone user-list
keystone role-list
Glance
Glance是提供镜像管理服务,可以理解成一个中间件,后面的存储可以是本地存储,也可以使用swift存储。
安装
apt-get install -y glance glance-api glance-client glance-common glance-registry python-glance
配置
编辑 /etc/glance/glance-api-paste.ini,/etc/glance/glance-registry-paste.ini,两个文件,都是修改文档最后3行
直接运行下面两条命令,实现修改
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/glance/glance-api-paste.ini
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/glance/glance-registry-paste.ini
编辑/etc/glance/glance-registry.conf,改成使用mysql验证
运行下面命令实现修改
sed -i '/sql_connection = .*/{s|sqlite:///.*|mysql://'"glance"':'"$MYSQL_PASS"'@'"$MASTER"'/glance|g}' /etc/glance/glance-registry.conf
编辑/etc/glance/glance-registry.conf 和 /etc/glance/glance-api.conf,都在文件末尾添加两行
运行下面命令,完成修改
cat <<EOF >>/etc/glance/glance-api.conf
[paste_deploy]
flavor = keystone
EOF
cat <<EOF >>/etc/glance/glance-registry.conf
[paste_deploy]
flavor = keystone
EOF
重启glance服务
service glance-api restart && service glance-registry restart
同步glance数据库
# glance-manage version_control 0
# glance-manage db_sync
/usr/lib/python2.7/dist-packages/glance/registry/db/migrate_repo/versions/003_add_disk_format.py:47:
SADeprecationWarning: useexisting is deprecated. Use extend_existing.
useexisting=True)
看到下面的输出,表示正常的。
重启glance服务
service glance-api restart && service glance-registry restart
测试
glance index
没有输出,表示正常,因为目前还没有镜像。
wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
glance add name=cirros-0.3.0-x86_64 is_public=true container_format=bare disk_format=qcow2 < /root/cirros-0.3.0-x86_64-disk.img
wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < /root/precise-server-cloudimg-amd64-disk1.img
# glance index
ID Name Disk Format Container Format Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
5dcf84a0-b491-4710-8d7a-5531bce0dedc cirros-0.3.0-x86_64 qcow2 bare 9761280
f4f62d8a-3e5b-4136-8547-ce3cb79771aa Ubuntu 12.04 cloudimg amd64 qcow2 ovf 230817792
Nova
安装
apt-get install -y nova-api nova-cert nova-common nova-objectstore nova-scheduler nova-volume nova-consoleauth novnc python-nova python-novaclient nova-compute-kvm nova-network
nova-compute
配置
编辑 /etc/nova/api-paste.ini , 修改末尾3行
运行下面命令进行修改
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/nova/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/nova/api-paste.ini
编辑/etc/nova/nova.conf 文件,
为了简单,大家直接copy下面内容,运行就可以。
虚拟机里安装,需要吧 libvirt_type=kvm 改成 ibvirt_type=qemu
cat >/etc/nova/nova.conf <<EOF
[DEFAULT]
###### LOGS/STATE
#verbose=True
verbose=False
###### AUTHENTICATION
auth_strategy=keystone
###### SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_driver=nova.scheduler.simple.SimpleScheduler
###### VOLUMES
volume_group=nova-volumes
volume_name_template=volume-%08x
iscsi_helper=tgtadm
###### DATABASE
sql_connection=mysql://nova:$MYSQL_PASS@$MASTER/nova
###### COMPUTE
libvirt_type=kvm
#libvirt_type=qemu
connection_type=libvirt
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
allow_resize_to_same_host=True
libvirt_use_virtio_for_bridges=true
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true
###### APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
allow_admin_api=true
s3_host=$MASTER
cc_host=$MASTER
###### RABBITMQ
rabbit_host=$MASTER
###### GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=$MASTER:9292
###### NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=eth0
flat_interface=eth1
flat_network_bridge=br100
fixed_range=$FIXED_RANGE
multi_host=true
###### NOVNC CONSOLE
novnc_enabled=true
novncproxy_base_url= http://$MASTER:6080/vnc_auto.html
vncserver_proxyclient_address=$MASTER
vncserver_listen=$MASTER
########Nova
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
#####MISC
use_deprecated_auth=false
root_helper=sudo nova-rootwrap
EOF
设置目录权限
chown -R nova:nova /etc/nova
重启所有服务
service rabbitmq-server restart
service libvirt-bin restart
service nova-scheduler restart
service nova-network restart
service nova-cert restart
service nova-compute restart
service nova-api restart
service nova-objectstore restart
service nova-volume restart
由于服务数量比较多,创建一个脚本 restart.sh 来重启所有服务。
#!/bin/bash
for a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \
nova-api nova-objectstore nova-scheduler nova-volume \
novnc nova-consoleauth; do service "$a" stop; done
for a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \
nova-api nova-objectstore nova-scheduler nova-volume \
novnc nova-consoleauth; do service "$a" start; done
运行脚本
bash restart.sh
Stopping rabbitmq-server: rabbitmq-server.
libvirt-bin stop/waiting
nova-network stop/waiting
nova-cert stop/waiting
nova-compute stop/waiting
nova-api stop/waiting
nova-objectstore stop/waiting
nova-scheduler stop/waiting
nova-volume stop/waiting
* Stopping OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth stop/waiting
Starting rabbitmq-server: SUCCESS
rabbitmq-server.
libvirt-bin start/running, process 9683
nova-network start/running, process 9703
nova-cert start/running, process 9713
nova-compute start/running, process 9724
nova-api start/running, process 9734
nova-objectstore start/running, process 9744
nova-scheduler start/running, process 9759
nova-volume start/running, process 9775
* Starting OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth start/running, process 9839
同步数据库
nova-manage db sync
会有一堆的输出,不过应该是没问题的。nova数据库里已经有相应的表,就表示正确。
# nova-manage db sync
2012-07-19 18:43:34 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:639: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated. Use event.listen().
Pool.__init__(self, creator, **kw)
2012-07-19 18:43:34 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:145: SADeprecationWarning: Pool.add_listener is deprecated. Use event.listen()
self.add_listener(l)
2012-07-19 18:43:34 AUDIT nova.db.sqlalchemy.fix_dns_domains [-] Applying database fix for Essex dns_domains table.
创建Fix IP
FIX IP,就是分配给虚拟机的实际IP地址。这些数据都会写入数据库。$FIXED_RANGE 在novarc里设置。
nova-manage network create private --fixed_range_v4=$FIXED_RANGE --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=256 --multi_host=T
创建floating IP
所谓Floating IP,是亚马逊EC2的定义。简单说,就是公网的IP。他其实是通过类似防火墙类似,做一个映射。实际上是通过iptables来实现映射.
nova-manage floating create --ip_range=$FLOATING_RANGE
重启nova服务
bash restart.sh
libvirt-bin stop/waiting
nova-network stop/waiting
nova-cert stop/waiting
nova-compute stop/waiting
nova-api stop/waiting
nova-objectstore stop/waiting
nova-scheduler stop/waiting
nova-volume stop/waiting
* Stopping OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth stop/waiting
libvirt-bin start/running, process 23232
nova-network start/running, process 23252
nova-cert start/running, process 23262
nova-compute start/running, process 23273
nova-api start/running, process 23285
nova-objectstore start/running, process 23303
nova-scheduler start/running, process 23321
nova-volume start/running, process 23336
* Starting OpenStack NoVNC proxy nova-novncproxy [ OK ]
nova-consoleauth start/running, process 23386
nova-manage service list
nova-manage
下面命令可以参考,详细的命令使用,
nova list
nova image-list
nova floating-ip-create
nova flavor-list
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-list
nova secgroup-list-rules default
命令行创建虚拟机的过程
nova keypair-add oskey > oskey.priv
chmod 600 oskey.priv
nova flavor-list
nova image-list
nova boot --flavor 2 --key_name oskey --image ea3ffba1-065e-483f-bfe2-c84184ee76be test1
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
这个时候,你在服务器上可以直接ssh到虚拟机上,ubuntu的虚拟机,用户是ubuntu。虚拟机的Ip
# nova list
+--------------------------------------+-------+--------+------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------+--------+------------------+
| 61e93d62-c926-46fa-8e0c-48073b7e58b0 | test1 | ACTIVE | private=10.0.0.2 |
| 6976e539-32d9-48a6-9fb5-28a3cdb55f71 | test2 | ACTIVE | private=10.0.0.4 |
+--------------------------------------+-------+--------+------------------+
在服务器上直接ssh到虚拟机,如果你在远程,就需要分配floating IP。
ssh -i oskey.priv ubuntu@10.0.0.4
登陆虚拟机后,你可以查看一下路由
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.0.3 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
显示网关是10.0.0.3,这个时候,你看一下
root@node07:~# ifconfig
br100 Link encap:Ethernet HWaddr 00:e0:81:d8:4a:23
inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::ccfc:5aff:fef5:4345/64 Scope:Link
结合上面的那个图,应该可以很好的帮助你的理解。如果你安装多节点,就更容易深入理解。
需要注意的是:br100的IP,需要你创建第一个虚拟机,他才会获得IP.
Dashobard
apt-get install -y apache2 libapache2-mod-wsgi openstack-dashboard
restart nova-api
http://10.50.9.240
user:admin
pass:password
Swift
由于swift的文档比较长,所以单独一个文档
http://www.chenshake.com/swift-single-version/
附录
理解project和user关系
上面需要注意的一个地方,就是 project的含义。以前的版本是tenant,租户意思,基本可以理解成企业。
你可以创建用户,用户属于一个project。创建用户的时候,就需要设置密码。
创建虚拟机
下面的流程,是复制我以前的文档,内容是没问题的。
1:设置安全组 Security group
安全组,其实就是虚拟机前面的防护墙。默认是关闭所有的包。需要打开防护墙。为了简单,我们把default的防护墙,端口全部打开。生产环境就不要这样操作。默认是default规则,直接修改default就可以。默认default,是阻止所有的访问。
安全组设置
2:创建密钥
为了安全考虑,ubuntu提供的模板,都是采用密钥登录。简单点说,你创建一对公钥和私钥。私钥下载到本地保存,公钥存放在服务器上,创建虚拟机的时候,会把公钥注入到虚拟机里。
这个时候,你如果有私钥,就可以直接登录。
下载私钥
点击create keypair,就会提示你下载私钥。私钥是pem后缀。
3:创建vm
创建vm的时候,你会选择keypair,安全组。
创建完成后,得到其实是一个内网IP
4:floating IP
给虚拟机分配一个 floating IP,可以理解成是公网的IP
关联vm
需要等待大概1分钟,才能看到关联后的结果
466
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
