  • Deploying OpenStack Havana on CentOS 6.6 (Nova-Network edition)

    Deploying OpenStack Havana on CentOS 6.4 (Nova-Network edition)

    1. Environment overview

    Test environment

    CentOS6.4 x64

    OpenStack services overview

    Compute - Nova;

    Networking and address management - Neutron;

    Object storage - Swift;

    Block storage - Cinder;

    Identity - Keystone;

    Image - Glance;

    Dashboard (UI) - Horizon;

    Metering - Ceilometer;

    Orchestration - Heat;

    Host allocation:

    Hostname       IP (static)      OS             Role
    openstack      192.168.0.210    CentOS x64     Controller node / compute node
    node01         192.168.0.212    CentOS x64     Compute node

    2. Controller node installation (OpenStack)

    First update the system with yum update (otherwise yum reports SSL errors)

    reboot 

    2.1  Import the third-party repositories

    rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

    rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

    yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-7.noarch.rpm

    2.2  Configure the /etc/hosts file

    vi /etc/hosts

    192.168.0.211 openstack

    192.168.0.212 node01

    2.3  Configure networking

    2.4  Disable SELinux

    sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config

    setenforce 0

    2.5  Edit the /etc/sysctl.conf parameters

    vi /etc/sysctl.conf

    Change:

    net.ipv4.ip_forward = 1

    sysctl -p

    2.6  Install the NTP service

    yum -y install ntp

    service ntpd start

    chkconfig ntpd on

    2.7  Install the MySQL service

    yum -y install mysql mysql-server MySQL-python

    vi /etc/my.cnf

    Add the following after [mysqld]:

    bind-address = 0.0.0.0

    Start mysqld and enable it at boot

    service mysqld start

    chkconfig mysqld on

    Change the MySQL password to jicki

    mysqladmin -uroot password 'jicki'; history -c

    2.8  Install the qpid service

    yum -y install qpid-cpp-server memcached

    Edit the /etc/qpidd.conf configuration file and set auth to no

    vi /etc/qpidd.conf

    auth=no

    Start qpidd and enable it at boot

    service qpidd start

    chkconfig qpidd on

    Install the OpenStack utilities package

    yum -y install openstack-utils

    2.9  Install and configure Keystone

    Install the Keystone service

    yum -y install openstack-keystone

    Create the keystone database

    openstack-db --init --service keystone

    Update the database connection in the configuration file (the username and password are both keystone, as created above)

    openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone

    Use openssl to generate a random token and store it in the configuration file

    export SERVICE_TOKEN=$(openssl rand -hex 10)

    export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

    mkdir /root/config                # create a configuration directory for recording some keys

    echo $SERVICE_TOKEN > /root/config/ks_admin_token.txt

    cat /root/config/ks_admin_token.txt

    35fbb7e5601644a1f37f

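    Save the generated SERVICE_TOKEN value to a file for later use; every SERVICE_TOKEN value referenced below is taken from ks_admin_token.txt. Once it has been written to the file, do not run the command again to generate a new SERVICE_TOKEN, otherwise the mismatch between the old and new values will make debugging difficult.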

    openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
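
    The token handling described above, as an added example that is not part of the original article: the function generates the token only when the file does not exist yet and keeps the file readable by its owner alone, so repeating the step never produces a second, mismatched token. The name ensure_service_token and the /dev/urandom fallback are assumptions of this example.

```bash
#!/bin/bash
# Added example: create the Keystone admin token once, readable by owner only.
# ensure_service_token is a hypothetical helper name, not an OpenStack tool.

ensure_service_token() {
    local token_file="$1"
    local token
    if [ -s "$token_file" ]; then
        # Token already recorded: reuse it so keystone.conf and the shell
        # environment never drift apart.
        token=$(cat "$token_file")
    else
        if command -v openssl >/dev/null 2>&1; then
            token=$(openssl rand -hex 10)      # same call as the article
        else
            # Assumed fallback when openssl is missing: 10 random bytes as hex.
            token=$(od -An -tx1 -N10 /dev/urandom | tr -d ' \n')
        fi
        # umask 077 in a subshell: a newly created directory gets 0700 and
        # the token file 0600 from the moment it exists.
        ( umask 077
          mkdir -p "$(dirname "$token_file")"
          printf '%s\n' "$token" > "$token_file" )
    fi
    chmod 600 "$token_file"   # tighten a file left readable by an earlier run
    printf '%s\n' "$token"
}

# Usage on the controller (path from the article):
#   export SERVICE_TOKEN=$(ensure_service_token /root/config/ks_admin_token.txt)
```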

    By default Keystone uses PKI tokens. Create the signing keys and certificates

    keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

    chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log

    Start the keystone service and enable it at boot

    service openstack-keystone start

    chkconfig openstack-keystone on

    2.10  Define Users, Tenants and Roles

    Edit the .bash_profile file and add the following variables

    vi /root/.bash_profile

    export OS_USERNAME=admin

    export OS_TENANT_NAME=admin

    export OS_PASSWORD=jicki

    export OS_AUTH_URL=http://127.0.0.1:5000/v2.0

    export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0

    export SERVICE_TOKEN=35fbb7e5601644a1f37f

    Apply the variables immediately

    source /root/.bash_profile

    Create a tenant for the administrator user and a tenant for the users of the other OpenStack services

    keystone tenant-create --name=admin --description='Admin Tenant'

    keystone tenant-create --name=service --description='Service Tenant'

    Create an administrator user, admin

    keystone user-create --name=admin --pass=jicki --email=keystone@localhost

    Create an administrator role, admin

    keystone role-create --name=admin

    Add the role to the user

    keystone user-role-add --user=admin --tenant=admin --role=admin

    2.11  Define Services and API Endpoints

    Create a service for Keystone

    keystone service-create --name=keystone --type=identity --description="KeystoneIdentity Service"

    Create an endpoint using the service ID

    vi /root/config/keystone.sh

    #!/bin/bash

    my_ip=192.168.0.211

    service=$(keystone service-list | awk '/keystone/ {print $2}')

    keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:5000/v2.0 --internalurl=http://$my_ip:5000/v2.0 --adminurl=http://$my_ip:35357/v2.0

    sh /root/config/keystone.sh

    2.12  Install and configure Glance

    yum -y install openstack-glance

    Create the Glance database

    openstack-db --init --service glance

    Update the database connection in the configuration files

    openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance

    openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance

    2.13  Create the User, define Services and API Endpoints

    Create a glance user for the Glance service

    keystone user-create --name=glance --pass=service --email=glance@localhost

    keystone user-role-add --user=glance --tenant=service --role=admin

    Create a service for glance

    keystone service-create --name=glance --type=image --description="Glance ImageService"

    Create an endpoint using the service ID

    vi /root/config/glance.sh

    #!/bin/bash

    my_ip=192.168.0.211

    service=$(keystone service-list | awk '/glance/ {print $2}')

    keystone endpoint-create --service-id=$service --publicurl=http://$my_ip:9292 --internalurl=http://$my_ip:9292 --adminurl=http://$my_ip:9292

    sh /root/config/glance.sh

    Configure the Glance service

    Add the keystone authentication details to the glance configuration files

    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1

    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357

    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http

    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service

    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance

    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password service

    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1

    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357

    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http

    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service

    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance

    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password service

    Set the ini file paths and add the keystone authentication details to the ini files

    openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini

    openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

    openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini

    openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

    cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini

    cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini

    chown -R root:glance /etc/glance/glance-api-paste.ini 

    chown -R root:glance /etc/glance/glance-registry-paste.ini

    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host 127.0.0.1

    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service

    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance

    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password service

    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host 127.0.0.1

    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service

    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance

    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password service

    Change where image files are stored (by default they are stored under /var/lib/glance; skip this step if no change is needed)

    openstack-config --set /etc/glance/glance-api.conf DEFAULT filesystem_store_datadir /opt/openstack/lib/glance/images/

    openstack-config --set /etc/glance/glance-api.conf DEFAULT scrubber_datadir /opt/openstack/lib/glance/scrubber

    openstack-config --set /etc/glance/glance-api.conf DEFAULT image_cache_dir /opt/openstack/lib/glance/image-cache/

    mkdir -p /opt/openstack/lib

    cp -r /var/lib/glance/ /opt/openstack/lib/

    chown -R glance:glance /opt/openstack/lib/glance/

    Start the glance services and enable them at boot

    service openstack-glance-api start

    service openstack-glance-registry start

    chkconfig openstack-glance-api on

    chkconfig openstack-glance-registry on

    2.14  Test Glance

    glance image-create --name=centos6.6 --disk-format=qcow2 --container-format=ovf --is-public=true < /root/CentOS-6.6-x86_64-minimal.iso

    List the images

    glance image-list

    +--------------------------------------+-----------+-------------+------------------+-----------+--------+
    | ID                                   | Name      | Disk Format | Container Format | Size      | Status |
    +--------------------------------------+-----------+-------------+------------------+-----------+--------+
    | d2058235-b68a-4eb7-a425-38c851f21f00 | centos6.6 | qcow2       | ovf              | 401604608 | active |
    +--------------------------------------+-----------+-------------+------------------+-----------+--------+

    2.15  Install and configure Nova

    yum -y install openstack-nova

    Create the nova database

    openstack-db --init --service nova

    Create the User, define Services and API Endpoints

    vi /root/config/nova-user.sh

    #!/bin/sh

    my_ip=192.168.0.210

    keystone user-create --name=nova --pass=service --email=nova@localhost

    keystone user-role-add --user=nova --tenant=service --role=admin

    keystone service-create --name=nova --type=compute --description="Nova Compute Service"

    service=$(keystone service-list | awk '/nova/ {print $2}')

    keystone endpoint-create --service-id=$service --publicurl="http://$my_ip:8774/v2/%(tenant_id)s" --internalurl="http://$my_ip:8774/v2/%(tenant_id)s" --adminurl="http://$my_ip:8774/v2/%(tenant_id)s"

    sh /root/config/nova-user.sh

    Configure the nova service

    Edit the /etc/nova/nova.conf configuration file

    ------------------------------------------------------------------------------

    [DEFAULT]

    my_ip = 192.168.0.210

    auth_strategy = keystone

    state_path = /opt/openstack/lib/nova

    verbose=True

    allow_resize_to_same_host = true

    rpc_backend = nova.openstack.common.rpc.impl_qpid

    qpid_hostname = 192.168.0.210

    libvirt_type = kvm

    glance_api_servers = 192.168.0.210:9292

    novncproxy_base_url = http://192.168.0.210:6080/vnc_auto.html

    vncserver_listen = $my_ip

    vncserver_proxyclient_address = $my_ip

    vnc_enabled = true

    vnc_keymap = en-us

    network_manager = nova.network.manager.FlatDHCPManager

    firewall_driver = nova.virt.firewall.NoopFirewallDriver

    multi_host = True

    flat_interface = eth1

    flat_network_bridge = br1

    public_interface = eth0

    instance_usage_audit = True

    instance_usage_audit_period = hour

    notify_on_state_change = vm_and_task_state

    notification_driver = nova.openstack.common.notifier.rpc_notifier

    compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler

    [hyperv]

    [zookeeper]

    [osapi_v3]

    [conductor]

    [keymgr]

    [cells]

    [database]

    [image_file_url]

    [baremetal]

    [rpc_notifier2]

    [matchmaker_redis]

    [ssl]

    [trusted_computing]

    [upgrade_levels]

    [matchmaker_ring]

    [vmware]

    [spice]

    [keystone_authtoken]

    auth_host = 127.0.0.1

    auth_port = 35357

    auth_protocol = http

    admin_user = nova

    admin_tenant_name = service

    admin_password = service

    ---------------------------------------------------------------------------------

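    Because the configuration file above changes where instances are stored, the following steps are also required

    Change the instances path and set the directory permissions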

    cp -r /var/lib/nova/ /opt/openstack/lib/

    chown -R nova:nova /opt/openstack/lib/nova/

    Configure the libvirtd service and remove virbr0

    Start the libvirt service

    service libvirtd start

    Check net-list; the default network is listed

    virsh net-list

    Delete default, i.e. virbr0

    virsh net-destroy default

    virsh net-undefine default

    Restart the libvirtd service and enable it at boot

    service libvirtd restart

    chkconfig libvirtd on

    Start the nova-related services and enable them at boot

    service messagebus start

    chkconfig messagebus on

    Start the nova services, using the network (nova-network) service for networking

    service openstack-nova-api start

    service openstack-nova-cert start

    service openstack-nova-consoleauth start

    service openstack-nova-scheduler start

    service openstack-nova-conductor start

    service openstack-nova-novncproxy start

    service openstack-nova-compute start

    service openstack-nova-network start

    chkconfig openstack-nova-api on

    chkconfig openstack-nova-cert on

    chkconfig openstack-nova-consoleauth on

    chkconfig openstack-nova-scheduler on

    chkconfig openstack-nova-conductor on

    chkconfig openstack-nova-novncproxy on

    chkconfig openstack-nova-compute on

    chkconfig openstack-nova-network on

    Test nova

    Create a network

    nova network-create vmnet --fixed-range-v4=10.1.1.0/24 --bridge-interface=br1 --multi-host=T

    nova network-list

    +--------------------------------------+-------+-------------+
    | ID                                   | Label | Cidr        |
    +--------------------------------------+-------+-------------+
    | 440a5c95-9882-4e79-9d75-e5ce7ff27799 | vmnet | 10.1.1.0/24 |
    +--------------------------------------+-------+-------------+

    nova-manage network list

    Configure the security group

    nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

    nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

    List the images

    nova image-list

    +--------------------------------------+-----------+--------+--------+
    | ID                                   | Name      | Status | Server |
    +--------------------------------------+-----------+--------+--------+
    | d2058235-b68a-4eb7-a425-38c851f21f00 | centos6.6 | ACTIVE |        |
    +--------------------------------------+-----------+--------+--------+

    Create a virtual machine instance

    nova boot --flavor 1 --image centos6.6 vm01

    Check the running state of the virtual machine instance

    nova list

    +--------------------------------------+------+--------+------------+-------------+----------------+
    | ID                                   | Name | Status | Task State | Power State | Networks       |
    +--------------------------------------+------+--------+------------+-------------+----------------+
    | 32a62826-ff62-48cb-a273-fb1091049f14 | vm01 | ACTIVE | -          | Running     | vmnet=10.1.1.2 |
    +--------------------------------------+------+--------+------------+-------------+----------------+

    Delete an instance

    nova delete 3713704f-2628-49ec-8731-d683f25bef3e

    Test connectivity to the virtual machine instance

    ping 10.1.1.2

    2.16  Install and configure Horizon

    yum -y install openstack-dashboard

    Edit the local_settings file and change DEBUG = False to DEBUG = True

    vi /etc/openstack-dashboard/local_settings

    DEBUG = True

    Edit the httpd.conf file and change #ServerName www.example.com:80 to ServerName 192.168.0.211:80

    vi /etc/httpd/conf/httpd.conf 

    #ServerName www.example.com:80

    ServerName 192.168.0.211:80

    Edit the local_settings.py file and change "Member" to "admin"

    vi /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py 

    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"

    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin" 

    Start the httpd service and enable it at boot

    service httpd start

    chkconfig httpd on

    Restart the nova-api service

    service openstack-nova-api restart

    Add the firewall rules

    iptables -I INPUT -p tcp --dport 80 -j ACCEPT

    iptables -I INPUT -p tcp -m multiport --dports 5900:6000 -j ACCEPT

    iptables -I INPUT -p tcp --dport 6080 -j ACCEPT

    service iptables save

    Horizon installation is complete. Access the OpenStack web interface at http://192.168.0.210/dashboard.

    Username: admin

    Password:

    Add a new project

    Create a tenant for the operator user

    keystone tenant-create --name=manager --description='Manager Tenant'

    Create the operator user

    keystone user-create --name=manager --pass=jicki --email=manager@localhost

    Create a management role, manager

    keystone role-create --name=manager

    Add the nova role to the user

    keystone user-role-add --user=nova --tenant=service --role=manager 
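
    A check for the lab-only settings chosen in sections 2.4, 2.7, 2.8, 2.15 and 2.16, added here and not part of the original article: it reads each configuration file and reports the values that a deployment beyond a test bench would normally change. The function names and the root-prefix argument are assumptions of this example; the files, keys and values are the article's.

```bash
#!/bin/bash
# Added example: report the lab-only settings this walkthrough writes.
# conf_value, check, audit_lab_settings, sample_tree are hypothetical names.

# Print the last value assigned to KEY ($2) in FILE ($1). Comment lines and
# longer keys (auth_host, SELINUXTYPE) do not match the anchored pattern.
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check FILE KEY VALUE NOTE: print one FINDING line when KEY equals VALUE.
check() {
    [ "$(conf_value "$1" "$2")" = "$3" ] || return 0
    printf 'FINDING %s: %s = %s (%s)\n' "$1" "$2" "$3" "$4"
}

# ROOT ($1) prefixes every path so a copy can be audited; "" audits the host.
audit_lab_settings() {
    check "$1/etc/selinux/config" SELINUX disabled "2.4: SELinux off"
    check "$1/etc/my.cnf" bind-address 0.0.0.0 "2.7: MySQL on all interfaces"
    check "$1/etc/qpidd.conf" auth no "2.8: broker without authentication"
    check "$1/etc/nova/nova.conf" firewall_driver \
        nova.virt.firewall.NoopFirewallDriver "2.15: no instance firewall rules"
    check "$1/etc/openstack-dashboard/local_settings" DEBUG True \
        "2.16: Django debug output"
}

# Constructed sample: a throwaway tree holding the values from the article.
sample_tree() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/etc/selinux" "$d/etc/nova" "$d/etc/openstack-dashboard"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$d/etc/my.cnf"
    printf 'auth=no\n' > "$d/etc/qpidd.conf"
    printf '[DEFAULT]\nfirewall_driver = nova.virt.firewall.NoopFirewallDriver\n' \
        > "$d/etc/nova/nova.conf"
    printf 'DEBUG = True\n' > "$d/etc/openstack-dashboard/local_settings"
    printf '%s\n' "$d"
}

tree=$(sample_tree)
audit_lab_settings "$tree"      # prints five FINDING lines for the sample
rm -rf "$tree"
```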

  • Original article: https://www.cnblogs.com/jicki/p/5546976.html