Openstack安装部署手册

1、Openstack安装部署手册Havana版本目 录 TOC o 1-3 h z u HYPERLINK l _Toc528696638 1.环境 PAGEREF _Toc528696638 h 4 HYPERLINK l _Toc528696639 2.组件整体结构 PAGEREF _Toc528696639 h 4 HYPERLINK l _Toc528696640 3.环境准备 PAGEREF _Toc528696640 h 5 HYPERLINK l _Toc528696641 3.1.网卡配置 PAGEREF _Toc528696641 h 5 HYPERLINK l _Toc528

2、696642 3.2.修改主机名 PAGEREF _Toc528696642 h 5 HYPERLINK l _Toc528696643 3.3.安装mysql 数据库 PAGEREF _Toc528696643 h 5 HYPERLINK l _Toc528696644 4.安装openstack包 PAGEREF _Toc528696644 h 6 HYPERLINK l _Toc528696645 4.1.安装openstack 单元包 PAGEREF _Toc528696645 h 6 HYPERLINK l _Toc528696646 4.2.安装Messaging server P

3、AGEREF _Toc528696646 h 6 HYPERLINK l _Toc528696647 5.安装keystone认证服务 PAGEREF _Toc528696647 h 6 HYPERLINK l _Toc528696648 5.1.创建openstack keystone 与数据库的连接 PAGEREF _Toc528696648 h 6 HYPERLINK l _Toc528696649 5.2.定义一个授权令牌 PAGEREF _Toc528696649 h 6 HYPERLINK l _Toc528696650 5.3.配置创建密钥与证书 PAGEREF _Toc5286

4、96650 h 7 HYPERLINK l _Toc528696651 5.4.启动keystone PAGEREF _Toc528696651 h 7 HYPERLINK l _Toc528696652 5.5.定义用户租客和roles PAGEREF _Toc528696652 h 7 HYPERLINK l _Toc528696653 5.6.创建服务与定义API endpoint PAGEREF _Toc528696653 h 8 HYPERLINK l _Toc528696654 6.配置glance PAGEREF _Toc528696654 h 9 HYPERLINK l _To

5、c528696655 6.1.安装glance 组建 PAGEREF _Toc528696655 h 9 HYPERLINK l _Toc528696656 6.2.创建glance数据连接 PAGEREF _Toc528696656 h 9 HYPERLINK l _Toc528696657 6.3.keystone下定义名为glance的用户 PAGEREF _Toc528696657 h 9 HYPERLINK l _Toc528696658 6.4.添加glance roles PAGEREF _Toc528696658 h 9 HYPERLINK l _Toc528696659 6.

6、5.配置imgae的服务的身份验证 PAGEREF _Toc528696659 h 9 HYPERLINK l _Toc528696660 6.6.添加凭证到/etc/glance/glance-api-paste.ini 和/etc/ PAGEREF _Toc528696660 h 10 HYPERLINK l _Toc528696661 6.7.glance/glance-registry-paste.inifiles.两个文件 PAGEREF _Toc528696661 h 10 HYPERLINK l _Toc528696662 6.8.keysotne创建glance 服务 PAGE

7、REF _Toc528696662 h 10 HYPERLINK l _Toc528696663 6.9.启动glance服务 PAGEREF _Toc528696663 h 11 HYPERLINK l _Toc528696664 6.10.校验glance服务 PAGEREF _Toc528696664 h 11 HYPERLINK l _Toc528696665 7.安装nova 组建 PAGEREF _Toc528696665 h 12 HYPERLINK l _Toc528696666 7.1.配置nova数据连接 PAGEREF _Toc528696666 h 12 HYPERLI

8、NK l _Toc528696667 7.2.keysotne创建nova user PAGEREF _Toc528696667 h 12 HYPERLINK l _Toc528696668 7.3.添加roles PAGEREF _Toc528696668 h 12 HYPERLINK l _Toc528696669 7.4.配置计算服务的身份验证 PAGEREF _Toc528696669 h 13 HYPERLINK l _Toc528696670 7.5.keysotne创建nova service PAGEREF _Toc528696670 h 13 HYPERLINK l _Toc

9、528696671 7.6.创建endpoint PAGEREF _Toc528696671 h 13 HYPERLINK l _Toc528696672 7.7.启动nova 的各项服务 PAGEREF _Toc528696672 h 14 HYPERLINK l _Toc528696673 7.8.校验nova 服务 PAGEREF _Toc528696673 h 14 HYPERLINK l _Toc528696674 8.安装nova network PAGEREF _Toc528696674 h 14 HYPERLINK l _Toc528696675 8.1.安装一个本地数据元 P

10、AGEREF _Toc528696675 h 15 HYPERLINK l _Toc528696676 8.2.启动nova network PAGEREF _Toc528696676 h 15 HYPERLINK l _Toc528696677 8.3.创建vlan PAGEREF _Toc528696677 h 15 HYPERLINK l _Toc528696678 8.4.开放安全规则 PAGEREF _Toc528696678 h 15 HYPERLINK l _Toc528696679 8.5.校验各项服务是否正常 PAGEREF _Toc528696679 h 16 HYPERL

11、INK l _Toc528696680 9.安装dashboard PAGEREF _Toc528696680 h 16 HYPERLINK l _Toc528696681 9.1.修改缓存 PAGEREF _Toc528696681 h 16 HYPERLINK l _Toc528696682 9.2.修改/etc/openstack-dashboard/local_settings PAGEREF _Toc528696682 h 17 HYPERLINK l _Toc528696683 9.3.启动dashboard PAGEREF _Toc528696683 h 17 HYPERLINK

12、 l _Toc528696684 9.4.校验安装 PAGEREF _Toc528696684 h 17 HYPERLINK l _Toc528696685 10.Glance 制作虚拟机的.img 文件 PAGEREF _Toc528696685 h 17 HYPERLINK l _Toc528696686 10.1.创建image disk PAGEREF _Toc528696686 h 17 HYPERLINK l _Toc528696687 10.2.启动virt-manager 创建虚拟机 PAGEREF _Toc528696687 h 17 HYPERLINK l _Toc5286

13、96688 10.3.安装后修改虚拟机如下几个配置问题 PAGEREF _Toc528696688 h 21 HYPERLINK l _Toc528696689 10.4.Glance 制作image镜像 PAGEREF _Toc528696689 h 22 HYPERLINK l _Toc528696690 11.风格flavor的创建 PAGEREF _Toc528696690 h 22 HYPERLINK l _Toc528696691 11.1.查看flavor的情况 PAGEREF _Toc528696691 h 22 HYPERLINK l _Toc528696692 11.2.创

14、建新的风格 PAGEREF _Toc528696692 h 22 HYPERLINK l _Toc528696693 12.创建虚拟机 PAGEREF _Toc528696693 h 22环境物理数量 1台主机名 Controller网卡数量 1 ip地址 77Dns 15Cpu 个数 1内存 6GB硬盘容量1TB操作系统版本redhat6.3组件整体结构PS：在本环境中由于只有一台物理机，所以主机要即当管理节点又提供计算服务，所以除了以上controller 中上述组件还要安装nova-compute ，nova-network服务。 环境准备网卡配置Vi /etc/sysconfig/ne

15、twork-scripts/ifcfg-eth0# Internal NetworkDEVICE=eth0TYPE=EthernetBOOTPROTO=staticIPADDR=77NETMASK=DEFROUTE=yes# service network restartONBOOT=yes# service NetworkManager stop# service network start# chkconfig NetworkManager off# chkconfig network on修改主机名Vi /etc/sysconfig/networkHOSTNAME=controller

16、Vi /etc/hosts localhost77 controller安装mysql 数据库 # yum install mysql mysql-server MySQL-python Vi /etc/f mysqld.bind-address = 77启动mysql# service mysqld start# chkconfig mysqld on初次创建时删除 anonymous user# mysql_install_db# mysql_secure_installation# yum install mysql MySQL-python安装openstack包下载并安装/repos

17、/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm /pub/epel/6/x86_64/epel-release-6-8.noarch.rpm 这两个包，这两个包安装后会自动配置安装openstack的外网yum源安装openstack 单元包yum install openstack-utilsyum install openstack-selinuxyum upgraderebootPS：外网环境十分不稳定，安装可能会经常失败，安装失败后清除安装失败的包，后则后期如果安装时由于安装包没有装全或者装好会带来意想不到麻烦。安

18、装Messaging serveryum install qpid-cpp-server memcachedvi /etc/qpidd.confauth=no# service qpidd start# chkconfig qpidd on安装keystone认证服务# yum install openstack-keystone python-keystoneclient修改配置文件# openstack-config -set /etc/keystone/keystone.conf sql connection mysql:/keystone:KEYSTONE_DBPASScontroll

19、er/keystone创建openstack keystone 与数据库的连接# openstack-db -init -service keystone -password KEYSTONE_DBPASS定义一个授权令牌# ADMIN_TOKEN=$(openssl rand -hex 10)# echo $ADMIN_TOKEN# openstack-config -set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN配置创建密钥与证书# keystone-manage pki_setup -keystone-us

20、er keystone -keystone-groupkeystone# chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log启动keystone# service openstack-keystone start# chkconfig openstack-keystone on定义用户租客和roles导出环境变量 # export OS_SERVICE_TOKEN=ADMIN_TOKEN# export OS_SERVICE_ENDPOINT=http:/controller:35357/v2.0P

21、S：这里的ADMIN_TOKEN 是上面定义授权令牌时候生成的一串数字可以将上述编辑成以后文件之后source 这个文件创建admin租客# keystone tenant-create -name=admin -description=Admin Tenant+| Property | Value | +| description | Admin Tenant | enabled | True | id | 17d0aac7259c4f308c5ed81904e267f2 | name | admin |+# keystone tenant-create -name=service -des

22、cription=Service Tenant+| Property | Value |+| description | Service Tenant | enabled | True | id | 54a02d2556c1423eaee8a514da372e0f | name | service |+PS：这里很有可能会报错，提示租户无法创建，重启keystone会解决问题Service openstack-keystone restartkeystone user-create -name=admin -pass=ADMIN_PASS HYPERLINK mailto:-email=adm

23、inexample.co -email=adminexample.coADMIN_PASS是你设置的秘密keystone user-create -name=admin -pass=PASSWORD HYPERLINK mailto:-email=adminexample.co -email=adminexample.co创建服务与定义API endpointkeystone service-create -name=keystone -type=identity -description=Keystone Identity Service+| Property | Value |+| des

24、cription | Keystone Identity Service | id | 7711a2a72fb34caea36782f7cd669e03 | name | keystone | type | identity 定义APIkeystone endpoint-create -service-id=7711a2a72fb34caea36782f7cd669e03 -publicurl=http:/controller:5000/v2.0 -internalurl=http:/controller:5000/v2.0 -adminurl=http:/controller:35357/v

25、2.0+| Property | Value |+| adminurl | http:/controller:35357/v2.0 | id | e153f3c72b2544cf8f7f0bd557a62cad | internalurl | http:/controller:5000/v2.0 | publicurl | http:/controller:5000/v2.0 | region | regionOne | service_id | 7711a2a72fb34caea36782f7cd669e03 |Vi 一个文件，包含以下内容export OS_USERNAME=adminex

26、port OS_PASSWORD=PASSWORDexport OS_TENANT_NAME=adminexport OS_AUTH_URL=http:/controller:35357/v2.0source 这个文件校验服务keystone user-list+| id | enabled | email | name |+| a4c2d43f80a549a19864c89d759bb3fe | True | admin | admin |说明配置正确出过出现报错，请查看/var/log/kestone 下的详细内容配置glance安装glance 组建# yum install opens

27、tack-glance修改配置文件openstack-config -set /etc/glance/glance-api.conf DEFAULT sql_connection mysql:/glance:PASSWORDcontroller/glance openstack-config -set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql:/glance:PASSWORDcontroller/glance创建glance数据连接openstack-db -init -service glance -passw

28、ord PASSWORDkeystone下定义名为glance的用户keystone user-create -name=glance -pass=PASSWORD - HYPERLINK mailto:email=glance email=glance添加roles keystone user-role-add -user=glance -tenant=service -role=admin添加glance roleskeystone user-role-add -user=glance -tenant=service -role=admin配置imgae的服务的身份验证openstack-

29、config -set /etc/glance/glance-api.conf keystone_authtoken auth_uri http:/controller:5000openstack-config -set /etc/glance/glance-api.conf keystone_authtoken auth_host controlleropenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name serviceopenstack-config -set /etc/g

30、lance/glance-api.conf keystone_authtoken admin_user glanceopenstack-config -set /etc/glance/glance-api.conf keystone_authtoken admin_password PASSWORDopenstack-config -set /etc/glance/glance-api.conf paste_deploy flavor keystoneopenstack-config -set /etc/glance/glance-registry.conf keystone_authtoke

31、n auth_uri http:/controller:5000openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken auth_host controlleropenstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken

32、admin_user glance openstack-config -set /etc/glance/glance-registry.conf keystone_authtoken admin_password PASSWORDopenstack-config -set /etc/glance/glance-registry.conf paste_deploy flavor keystone添加凭证到/etc/glance/glance-api-paste.ini 和/etc/glance/glance-registry-paste.inifiles.两个文件# cp /usr/share/

33、glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini# cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.in并且添加以下内容filter:authtokenpaste.filter_factory=keystoneclient.middleware.auth_token:filter_factoryauth_host=controlleradmin_user=glanceadmin_tenant

34、_name=serviceadmin_password=PASSWORDkeysotne创建glance 服务# keystone service-create -name=glance -type=image -description=Glance Image Service+| Property | Value |+| description | Glance Image Service | id | f7494dceb5ef46e7960827a0ecdde89e | name | glance | type | image |+Keystone 创建glance的endpointkey

35、stone endpoint-create -service-id=f7494dceb5ef46e7960827a0ecdde89e -publicurl=http:/controller:9292 -internalurl=http:/controller:9292 -adminurl=http:/controller:9292+| Property | Value |+| adminurl | http:/controller:9292 | id | fe7cc75f8741455cb0688927845799b2 | internalurl | http:/controller:9292

36、 | publicurl | http:/controller:9292 | +| region | regionOne | service_id | f7494dceb5ef46e7960827a0ecdde89e |启动glance服务# service openstack-glance-api start# service openstack-glance-registry start# chkconfig openstack-glance-api on# chkconfig openstack-glance-registry on校验glance服务执行glance imgae-lis

37、t 命令+| ID | Name | Disk Format | Container Format | Size | Status |+表示正常，如果有报错请查看var/log/glance下的详细内容安装nova 组建yum install openstack-nova python-novaclient修改配置文件openstack-config -set /etc/nova/nova.conf database connection mysql:/nova:PASSWORDcontroller/nova配置使用messaging server openstack-config -set

38、/etc/nova/nova.conf DEFAULT rpc_backend mon.rpc.impl_qpid Openstack-config -set /etc/nova/nova.conf DEFAULT qpid_hostname controller配置nova数据连接openstack-db -init -service nova -password PASSWORD配置myIP vncserver listen 和vncserver_proxyclient_addressopenstack-config -set /etc/nova/nova.conf DEFAULT my_

39、ip 77openstack-config -set /etc/nova/nova.conf DEFAULT vncserver_listen 77openstack-config -set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 77keysotne创建nova userkeystone user-create -name=nova -pass=PASSWORD -email nova+| Property | Value |+| email | nova | enabled | True | id | 0ab248

40、6266cb40f4808b03cd0f99929c | name | nova |添加roleskeystone user-role-add -user=nova -tenant=service -role=admin配置计算服务的身份验证openstack-config -set /etc/nova/nova.conf DEFAULT auth_strategy keystoneopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_host controlleropenstack-config -set /etc

41、/nova/nova.conf keystone_authtoken auth_protocol httpopenstack-config -set /etc/nova/nova.conf keystone_authtoken auth_port 35357openstack-config -set /etc/nova/nova.conf keystone_authtoken admin_user nova openstack-config -set /etc/nova/nova.conf keystone_authtoken admin_tenant_name serviceopenstac

42、k-config -set /etc/nova/nova.conf keystone_authtoken admin_password PASSWORDvi /etc/nova/api-paste.initpaste.filter_factory = keystoneclient.middleware.auth_token:filter_factoryauth_host = controllerauth_port = 35357auth_protocol = httpauth_uri = http:/controller:5000/v2.0admin_tenant_name = service

43、admin_user = novaadmin_password = PASSWORDkeysotne创建nova servicekeystone service-create -name=nova -type=compute -description=Nova Compute service+| Property | Value |+| description | Nova Compute service | id | 3b1a58f73d9d43e2807e8148448a333f | name | nova | type | compute |创建endpointkeystone endp

44、oint-create -service-id=3b2d8cd63d444ac4b7899e65eeb0021a -publicurl=http:/controller:8774/v2/%(tenant_id)s -internalurl=http:/controller:8774/v2/%(tenant_id)s -adminurl=http:/controller:8774/v2/%(tenant_id)s+| Property | Value |+| adminurl | http:/controller:8774/v2/%(tenant_id)s | id | 01d675db4ef9

45、49a496fc7c603df6df8a | internalurl | http:/controller:8774/v2/%(tenant_id)s | publicurl | http:/controller:8774/v2/%(tenant_id)s | region | regionOne | service_id | 3b1a58f73d9d43e2807e8148448a333f |启动nova 的各项服务# service openstack-nova-api start# service openstack-nova-cert start# service openstack-

46、nova-consoleauth start# service openstack-nova-scheduler start# service openstack-nova-conductor start# service openstack-nova-novncproxy start# chkconfig openstack-nova-consoleauth on# chkconfig openstack-nova-scheduler on# chkconfig openstack-nova-conductor on# chkconfig openstack-nova-novncproxy

47、on校验nova 服务执行nova list 显示虚拟机等信息。如果无返回输出其他。说明nova服务不正常，请查看/var/log/nova下的详细日志安装nova networkyum install openstack-nova-network修改配置文件openstack-config -set /etc/nova/nova.conf DEFAULT network_manager work.manager.FlatDHCPManageropenstack-config -set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.

48、libvirt.firewall.IptablesFirewallDriver openstack-config -set /etc/nova/nova.conf DEFAULT network_size 254openstack-config -set /etc/nova/nova.conf DEFAULT allow_same_net_traffic Falseopenstack-config -set /etc/nova/nova.conf DEFAULT multi_host Trueopenstack-config -set /etc/nova/nova.conf DEFAULT s

49、end_arp_for_ha Trueopenstack-config -set /etc/nova/nova.conf DEFAULT share_dhcp_address Tureopenstack-config -set /etc/nova/nova.conf DEFAULT force_dhcp_release Trueopenstack-config -set /etc/nova/nova.conf DEFAULT flat_interface eth0openstack-config -set /etc/nova/nova.conf DEFAULT flat_network_bri

50、dge br100openstack-config -set /etc/nova/nova.conf DEFAULT public_interface eth0nova network-create vmnet -fixed-range-v4=/24 -bridge=br100 -multi-host=T安装一个本地数据元# yum install openstack-nova-api# service openstack-nova-metadata-api start# chkconfig openstack-nova-metadata-api on启动nova network# servi

51、ce openstack-nova-network start# chkconfig openstack-nova-network on创建vlannova network-create vmnet -fixed-range-v4=/24 -bridge=br100 -multi-host=TNova network-list查看创建网络开放安全规则nova secgroup-add-rule defaulttcp 22 22 /0nova secgroup-add-rule defaulticmp -1 -1 /0校验各项服务是否正常nova flavor-list+| ID | Name

52、| Memory_MB | Disk | Ephemeral | Swap | VCPUs |RXTX_Factor | Is_Public |+| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True | 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | 5 | m1.xlarge | 16384 | 160

53、 | 0 | | 8 | 1.0 | True |+nova image-list+| ID | Name | Status | Server |+| 9e5c2bee-0373-414c-b4af-b91b0246ad3b | CirrOS 0.3.1 | ACTIVE | |安装dashboardyum install memcached python-memcached mod_wsgi openstack-dashboard修改缓存打开/etc/openstack-dashboard/local_settings 查看CACHES = default: BACKEND : django.core.cache.backends.memcached.MemcachedCache,LOCATION : :11211修改/etc/openstack-dashboard/loc