centos6 5openstackkvm云平台部署注意以下截图仅提供参考参数不一定跟相同矩形框起来技术点可以忽

Havana(Nova-Network版主机 统DISK,2网 SK,2网 计算节二、管理节点安装[root@openstack~]#rpm-[root@openstack~]#rpm-[root@openstack~]#yum.[root@openstack~]#vi [root@openstack~]#vi/etc/sysconfig/network-scripts/ifcfg-eth0[root@openstack~]#vi/etc/sysconfig/network-scripts/ifcfg-eth1关闭[root@openstack~]#more#ThisfilecontrolsthestateofSELinuxonthesystem.#SELINUX=cantakeoneofthesethreevalues: enforcing-SELinuxsecurityisen permissive-SELinuxprintswarningsinsteadofenforcing. disabled-SELinuxisfullydisabled.#SELINUXTYPE=typeofinuse.Possiblevalues targeted-Onlytargetednetworkdaemonsareprotected. strict-FullSELinuxprotection.[root@openstack~]#seten0[root@openstack~]#vi- NTPNTP[root@openstack~]#yum-yinstallNTP[root@openstack~]#vi/etc/ntp.confdriftfile/var/lib/ntp/driftrestrictrestrictmasknomodifynotrapserverntp.api.bzserver stratum10keys/etc/ntp/keys[root@openstack~]#servicentpd[root@openstack~]#chkconfigntpd配置安装MySQL[root@openstack~]#yum-yinstallmysqlmysql-serverMySQL-MySQL# #Disablingsymbolic-linksis mendedtopreventassortedsecurityrisksbind-address= #设置IP地址[root@openstack~]#servicemysqldstart[root@openstack~]#chkconfigmysqld修改MySQL为[root@openstack~]#mysqladmin-urootpassword'passwd';history-qpidqpid[root@openstack~]#yum-yinstallqpid-cpp-server修改/etc/qpidd.conf配置文件,auth[root@openstack~]# [root@openstack~]#serviceqpidd[root@openstack~]#chkconfigqpidd[root@openstack~]#yuminstall-yopenstack-安装配置初始化KeyStone[root@openstack~]#yum-yinstallopenstack- [root@openstack~]#openstack-db--init--service [root@openstack~]#openstack-config--set/etc/keystone/keystone.confsqlconnection [root@openstack~]#exportSERVICE_TOKEN=$(opensslrand-hex[root@openstack~]#exportSERVICE_ENDPOINT=[root@openstack~]#mkdir/root/config[root@openstack~]#echo$SERVICE_TOKEN>/root/config/admin.txt[root@openstack~]#cat/root/config/admin.txt[root@openstack~]#openstack-config--set/etc/keystone/keystone.confDEFAULTadmin_token$SERVICE_TOKEN*SERVICE_TOKENSERVICE_TOKEN [root@openstack~]#chown-Rkeystone:keystone[root@openstack~]#serviceopenstack-keystonestart[root@openstack~]#chkconfigopenstack-keystoneUsers、Tenantsand[root@openstack~]#viexportOS_USERNAME=adminexportexportexportSERVICE_ENDPOINT=exportSERVICE_TOKEN=9860f4302f7e344ca901 [root@openstack~]#source为管理员用户创建一个tenantopenstack其他服务的用户创建一个[root@openstack~]#keystonetenant-create--name=service--description='Service创建一个管理员用户创建一个管理员角色Services和APIID创建一个[root@openstack~]#vi/root/config/keystone.shservice=$(keystoneservice-list|awk'/keystone/{print[root@openstack~]#sh安装配置初始化Glance[root@openstack~]#yum-yinstallopenstack-[root@openstack~]#openstack-db--init--service [root@openstack~]#openstack-config--set/etc/glance/glance-api.confDEFAULTsql_connectionmysql://glance:glance@localhost/glance[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confDEFAULTsql_connectionmysql://glance:glance@localhost/glance创建UserServices和APIGlanceglance使用服务ID创建一个endpoint：[root@openstack~viroot/config/glance.shservice=$(keystoneservice-list|awk'/glance/{print[root@mg~]#shWARNING:Bypassingauthenticationusingatoken&endpoint(authenticationcredentialsarebeingignored). | |internalurl || |||| 配置Glance[root@openstack~]#openstack-config--set/etc/glance/glance-api.confkeystone_authtokenauth_host[root@openstack~]#openstack-config--set/etc/glance/glance-api.confkeystone_authtokenauth_port35357[root@openstack~]#openstack-config--set/etc/glance/glance-api.confkeystone_authtokenauth_protocolhttp[root@openstack~]#openstack-config--set/etc/glance/glance-api.confkeystone_authtokenadmin_tenant_nameservice[root@openstack~]#openstack-config--set/etc/glance/glance-api.confkeystone_authtokenadmin_userglance[root@openstack~]#openstack-config--set/etc/glance/glance-api.confkeystone_authtokenadmin_passwordservice[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confkeystone_authtokenauth_host[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confkeystone_authtokenauth_port35357[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confkeystone_authtokenauth_protocolhttp[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confkeystone_authtokenadmin_tenant_nameservice[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confkeystone_authtokenadmin_userglance[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confkeystone_authtokenadmin_passwordservice修改ini文件路径，将keystone认证信息添加到ini[root@openstack~]#openstack-config--set/etc/glance/glance-api.confpaste_deployconfig_file/etc/glance/glance-api-paste.ini[root@openstack~]#openstack-config--set/etc/glance/glance-api.confpaste_deployflavorkeystone[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confpaste_deployconfig_file/etc/glance/glance-registry-paste.ini[root@openstack~]#openstack-config--set/etc/glance/glance-registry.confpaste_deployflavorkeystone[root@openstack~]#chown-Rroot:glance/etc/glance/glance-api-paste.ini[root@openstack~]#chown-Rroot:glance/etc/glance/glance-registry-paste.ini[root@openstack~]#openstack-config--set/etc/glance/glance-api-paste.inifilter:authtokenauth_host[root@openstack~]#openstack-config--set/etc/glance/glance-api-paste.inifilter:authtokenadmin_tenant_nameservice[root@openstack~]#openstack-config--set/etc/glance/glance-api-paste.inifilter:authtokenadmin_userglance[root@openstack~]#openstack-config--set/etc/glance/glance-api-paste.inifilter:authtokenadmin_passwordservice[root@openstack~]#openstack-config--set/etc/glance/glance-registry-paste.inifilter:authtokenauth_host[root@openstack~]#openstack-config--set/etc/glance/glance-registry-paste.inifilter:authtokenadmin_tenant_nameservice[root@openstack~]#openstack-config--set/etc/glance/glance-registry-paste.inifilter:authtokenadmin_userglance[root@openstack~]#openstack-config--set/etc/glance/glance-registry-paste.inifilter:authtokenadmin_passwordservice [root@openstack~]#openstack-config--set/etc/glance/glance-api.confDEFAULTfilesystem_store_datadir/openstack/lib/glance/images/[root@openstack~]#openstack-config--set/etc/glance/glance-api.confDEFAULTscrubber_datadir/openstack/lib/glance/scrubber[root@openstack~]#openstack-config--set/etc/glance/glance-api.confDEFAULTimage_cache_dir/openstack/lib/glance/image-cache/[root@openstack~]#mkdir-p/openstack/lib[root@openstack~]#cp-r/var/lib/glance//openstack/lib/[root@openstack~]#chown-Rglance:glance[root@openstack~]#serviceopenstack-glance-apistart[root@openstack~]#serviceopenstack-glance-registrystart[root@openstack~]#chkconfigopenstack-glance-apion[root@openstack~]#chkconfigopenstack-glance-registryon 的测试镜像，它经常用于测试OpenStack部署。这个过程，使用了64-bit的CirrOSQCOW2镜像。 和创建镜像的信息，请参考“OpenStackVirtualMachineImageGuide”，有关如何管理镜像的信息，请参考“OpenStackUserGuide”.1.用wget或 $mkdir$cd$imageLabel containerFormat指定的容器格式，有效的格式包括：bare,ovf,aki,ariandamiaccessValue指定镜像是否能false--只有管理员才能够查看和使用该镜像 Requestreturnedfailurestatus.后来查看[pasteflavor= | | | | |containerformat| | [root@openstack~]#yum-yinstallopenstack-nova[root@openstack~]#openstack-db--init--serviceUserServices和API编写keystoneuser-create--name=nova--pass=service--emaikeystoneuser-role-add--user=nova--tenant=service--role=adminkeystoneservice-create--name=nova pute--description="NovaComputeservice=$(keystoneservice-list|awk'/nova/{print$2}')keystoneendpoint-create--service-id=$service ，创建用户、服务及apinova[root@openstack~]#vi/etc/nova/nova.confmy_ip=auth_strategy=keystonerpc_backend= qpid_hostname=libvirt_type= _base_url=vncserver_listen=$my_ipvnc_enabled=truevnc_keymap=en-network_manager=multi_host=Trueflat_interface=eth1public_interface=eth0instance_usage_audit=Trueinstance_usage_audit_period=hour auth_host=auth_port=35357auth_protocol=httpadmin_user=novaadmin_password=service因上述配置文件中修改了instances实例存放的位置，还需要作一下操作：修改instances路径，设置 [root@openstack~]#cp-r/var/lib/nova//openstack/lib/[root@openstack~]#chown-Rnova:nova/openstack/lib/nova/libvirtdlibvirt[root@openstack~servicelibvirtdstart查看net-list，发现default：[root@openstack~]#virshnet-list default[root@openstack~]#virshnet-destroydefaultNetworkdefaultdestroyed[root@openstack~]#virshnet-undefinedefaultNetworkdefaulthasbeenundefined重启[root@openstack~]#servicelibvirtd[root@openstack~]#chkconfiglibvirtd[root@openstack~]#servicemessagebusstart[root@openstack~]#chkconfigmessagebusnovanetwork[root@openstack~]#serviceopenstack-nova-api[root@openstack~]#serviceopenstack-nova-certstart[root@openstack~]#serviceopenstack-nova-consoleauthstart[root@openstack~]#serviceopenstack-nova-schedulerstart[root@openstack~]#serviceopenstack-nova-conductorstart[root@openstack~]#serviceopenstack-nova-novncstart[root@openstack~]#service putestart[root@openstack~]#serviceopenstack-nova-networkstart[root@openstack~]#chkconfigopenstack-nova-apion[root@openstack~]#chkconfigopenstack-nova-certon[root@openstack~]#chkconfigopenstack-nova-consoleauthon[root@openstack~]#chkconfigopenstack-nova-scheduleron[root@openstack~]#chkconfigopenstack-nova-conductoron[root@openstack~]#chkconfigopenstack-nova-novncon[root@openstack~]#chkconfig puteon[root@openstack~]#chkconfigopenstack-nova-networkon--bridge-interface=br1--multi-host=T[root@openstack~]#novasecgroup-add-ruledefaulttcp2222[root@openstack~]#novasecgroup-add-ruledefaulticmp-1-1openstackopenstack里的浮动ip#nova-managefloatingcreate--缺省情况下实例会被赋予固定ip，这时并不能保证实例会马上可以从外面到，一般来说需要配置ip，然后建立一条NAT规则从公共ip到私有ip的映射。Ag引入了一个叫浮动ip的概念，浮动ip是一些可以从外部的ip列表，通常从isppp以随意赋给自己拥有的其他实例。如果实例死掉了的话，用户也不会失去这个浮动p，可以随时赋给其他实例。暂时不支持为了负载均衡多实例共个浮动p。系统管理员可以配置多个浮动ip池，这个ip池不能指定租户，每个用户都可以去抓取。多浮动ip池是为了考虑不同的isp服务提供商，免得某一个isp出故障带来麻烦。ipag外的数据中心都能到的ipipAg软件去改会安全些。#Novafloating-ip-#novaadd-floating-ip8f773639-c04f-4885-9349-ac7d6a799843IP到public_interface下就具有了如下的浮动IP：#ipaddrlistdev3:wlan0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscmqstateUPqlen1000link/ether08:11:96:75:91:54brdff:ff:ff:ff:ff:ffinet0/16brd55scopeglobalwlan0inet33/32scopeglobalwlan0inet6fe80::a11:96ff:fe75:9154/64scopelinkvalid_lftforeverpreferred_lftforeverNATIP-Anova-network-OUTPUT-d33/32-jDNAT--to-destination-Anova-network-PREROUTING-d33/32-jDNAT--to-destination-Anova-network-float-snat-s/32-jSNAT--to-sourcedNATIPIPnova-networkIP为目IPIPsNATIPIP。由于VM到固定网络之外的流量均被指向网关（nova-networkdnsmasq进行设置）sNATVM的IPOUTPUTdNATnova-network上的本地过程具有浮动IP的VMIP要将VM与浮动 puteicmp #novasecgroup-add-ruledefaulticmp-1-1pute-inst-1-picmp-jIPVMSSH[root@openstack~]#novaboot--flavor1--imagecentos6.4[root@openstack~]#nova +|ID |Name |Status|TaskState|PowerState|Networks +|f754afe1-784f-41d0-9139-a05d25eaca20| |ACTIVE | |vmnet= +[root@openstack~]#()56(84)bytesofdata.64bytesfrom:icmp_seq=1ttl=64time=0.057ms64bytesfrom:icmp_seq=2ttl=64time=0.037---statistics--2packetstransmitted,2received,0%packetloss,time1639msrttmin/avg/max/mdev=0.037/0.047/0.057/0.010ms安装配置[root@openstack~]#yum-yinstallopenstack-local_settings文件,DEBUGFalseDEBUG[root@openstack~]#vi/etc/openstack-dashboard/local_settingsDEBUG=True修改httpd.conf文件，将#ServerName 修改为ServerName[root@openstack~]#vi/etc/httpd/conf/httpd.conf修改#OPENSTACK_KEYSTONE_DEFAULT_ROLE="Member"OPENSTACK_KEYSTONE_DEFAULT_ROLE="admin"启动[root@openstack~]#servicehttpdstart[root@openstack~]#chkconfighttpdnova-api添加策[root@openstack~]#iptables-IINPUT-ptcp--dport80-j[root@openstack~]#iptables-IINPUT-ptcp-mmultiport--dports5900:6000-jACCEPT[root@openstack~]#iptables-IINPUT-ptcp--dport6080-jACCEPT[root@openstack~]#serviceiptablesHorizon安装完成，使用 openstackweb界面。为操作员用户创建一个[root@openstack~]#keystonetenant-create--name=manager--description='Manager创建一个管理角色三、计算节点安装[root@node~]#rpm-[root@node~]#rpm-[root@node~]#yum.[root@node~]#vi [root@node~]#vi/etc/sysconfig/network-scripts/ifcfg-eth0[root@openstack~]#vi/etc/sysconfig/network-scripts/ifcfg-eth1关闭[root@node~]#more#ThisfilecontrolsthestateofSELinuxonthesystem.#SELINUX=cantakeoneofthesethreevalues: enforcing-SELinuxsecurityisen permissive-SELinuxprintswarningsinsteadofenforcing. disabled-SELinuxisfullydisabled.#SELINUXTYPE=typeofinuse.Possiblevalues targeted-Onlytargetednetworkdaemonsareprotected. strict-FullSELinuxprotection.[root@node~]#seten0[root@node~]#vi[root@node~]#sysctl NTP[root@node~]#yum-yinstall[root@node~]#31Mar16:17:03ntpdate[5848]:theNTPsocketisinuse,[root@node~crontabe*/5****ntpdate>>[root@node~]#viexportOS_USERNAME=adminexportOS_PASSWORD=passwordexportOS_AUTH_URL=exportexport[root@node~]#sourcelibvirtlibvirt[root@node~]#yum-yinstallqemu-kvmlibvirt[root@node~]#servicelibvirtdnet-list[root@node~]#virshnet- default[root@node~]#virshnet-destroydefaultNetworkdefaultdestroyed[root@node~]#virshnet-undefinedefaultNetworkdefaulthasbeenundefined[root@node~]#servicelibvirtd[root@node~]#chkconfiglibvirtdMySQLmysql[root@node~]#yum-yinstall[root@node~]#mysql-h-unova-etotheMySQL Nova [root@node~]#yum-yinstall openstack-nova-networkopenstack-nova-schedulernova[root@node~]#vimy_ip=auth_strategy=allow_resize_to_same_host=truerpc_backend= qpid_hostname=libvirt_type=vncserver_listen=vncserver__address=vnc_e