Openstack平台搭建之第二天
Openstack平台搭建之第二天
If you have any question ,please contact me by weichuangxxb@sina.cn or 371990778(qq).
环境准备: RHEL6.5 内存4G 硬盘70G yum源的制定(分别制定三个yum源,其中前面三个是自己本地定制的yum源) baseurl=ftp://instructor.example.com/pub/rhel6.5/Server baseurl=ftp://instructor.example.com/pub/errata baseurl=http://instructor.example.com/pub/OpenStack/ baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/ baseurl=ftp://ftp.redhat.com/pub/redhat/linux/beta/$releasever/en/os/SRPMS/ #yum update -y ; reboot 第一节:qpid通信节点安装 2.安装qpid [root@server10 ~]# yum install -y qpid-cpp-server qpid-cpp-server-ssl cyrus-sasl-md5 3.创建用户 -f制定密码文件 -u 制定用户信息 以及db信息 [root@server10 ~]# saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID qpidauth [root@server10 ~]# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb qpidauth@QPID: userPassword 4.创建认证文件 acl(默认不存在) [root@server10 ~]# echo 'acl allow qpidauth@QPID all all' > /etc/qpid/qpidauth.acl 5.读取acl文件 后台进程qpidd [root@server10 ~]# echo "QPIDD_OPTIONS='--acl-file /etc/qpid/qpidauth.acl'" >> /etc/sysconfig/qpidd 6.修改权限 root@server10 ~]# chown qpidd /etc/qpid/qpidauth.acl [root@server10 ~]# chmod 600 /etc/qpid/qpidauth.acl 7.修改/etc/qpidd.conf cluster-mechanism=DIGEST-MD5 auth=yes 8.创建独立的pki(目录权限) [root@server10 ~]# mkdir /etc/pki/tls/qpid [root@server10 ~]# chmod 700 /etc/pki/tls/qpid/ [root@server10 ~]# chown qpidd /etc/pki/tls/qpid/ 查看qpidd用户(在安装软件的时候已经创建了) 9.增加密码和权限 [root@server10 ~]# echo westos > /etc/qpid/qpid.pass [root@server10 ~]# chmod 600 /etc/qpid/qpid.pass [root@server10 ~]# chown qpidd /etc/qpid/qpid.pass 10.生成认证证书(certutil) [root@server10 ~]# echo $HOSTNAME server10.example.com [root@server10 ~]# certutil -N -d /etc/pki/tls/qpid/ -f /etc/qpid/qpid.pass 注意查看/etc/pki/tls/qpid/目录下生成的文件(权限没有哦) 11制定加密序列 -n制定全主机名 (注意生成文件的权限) [root@server10 ~]# certutil -S -d /etc/pki/tls/qpid/ -n server10.example.com -s "CN=server10.example.com" -t "CT,," -x -f /etc/qpid/qpid.pass -z /usr/bin/certutil [root@server10 tls]# chown -R qpidd qpid/ 12.在主配置文件中制定相关的db,name以及pd (启动qpidd后进行查看日志) [root@server10 ~]#vim /etc/qpidd.conf ssl-cert-db=/etc/pki/tls/qpid ssl-cert-name=server10.example.com ssl-cert-password-file=/etc/qpid/qpid.pass require-encryption=yes [root@server10 ~]# /etc/init.d/qpidd restart [root@server10 ~]# tail -f /var/log/messages 显示正在running(h好像有个密码错误啊) [root@server10 ~]# chkconfig qpidd on ################ 第二节:身份识别系统:identity(全局使用) 1.安装keystone以及相关 [root@server10 ~]# yum install openstack-keystone openstack-selinux openstack-utils -y 2.初始话服务,向数据库中导入db文件(默认不会安装mysql'服务) [root@server10 ~]# openstack-db --init --service keystone 需要安装mysql服务并进行配置 3.创建keystone用户和密码(其实就是向数据库导入文件,也可以自己使用openssl导入) [root@server10 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone 4.修改相应ssl的权限(/etc/keystone/ssl) [root@server10 ~]# chown -R keystone:keystone /etc/keystone/ssl/ 5.生成认证文件并且额导入: [root@server10 ~]# openssl rand -hex 10 使用openssl加密前10 a030068247b339b52f37 [root@server10 ~]# echo a030068247b339b52f37 > /root/ks_admin_token [root@server10 ~]# cat ks_admin_token a030068247b339b52f37 [root@server10 ~]# export SERVICE_TOKEN=a030068247b339b52f37 6.导入到文件 [root@server10 ~]# export SERVICE_ENDPOINT=http://server10.example.com:35357/v2.0 7.配置keystone文件 [root@server10 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN [root@server10 ~]# vim /etc/keystone/keystone.conf (删除一个default) 8.启动keystone(开机启动) [root@server10 ~]# /etc/init.d/openstack-keystone restart [root@server10 ~]# chkconfig openstack-keystone on 注意:启动后注意查看有没有报错啊,查看启动端口 [root@server10 ~]# grep ERROR /var/log/keystone/keystone.log 9.创建keystone服务(id) [root@server10 ~]# keystone service-create --name=keystone --type=identity --description="keystone identity service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | keystone identity service | | id | 5a1d8b6901f6450fa5b063e6a002601c | | name | keystone | | type | identity | +-------------+----------------------------------+ 注意:ID唯一哦 10.创建接口(外部 内部 管理接口) [root@server10 ~]# keystone endpoint-create --service-id 5a1d8b6901f6450fa5b063e6a002601c \ > --publicurl 'http://server10.example.com:5000/v2.0' \ > --adminurl 'http://server10.example.com:35357/v2.0' \ > --internalurl 'http://server10.example.com:5000/v2.0' +-------------+----------------------------------------+ | Property | Value | +-------------+----------------------------------------+ | adminurl | http://server10.example.com:35357/v2.0 | | id | 714dbd31a3bd45feafa7ca3539525fb2 | | internalurl | http://server10.example.com:5000/v2.0 | | publicurl | http://server10.example.com:5000/v2.0 | | region | regionOne | | service_id | 5a1d8b6901f6450fa5b063e6a002601c | +-------------+----------------------------------------+ 11.创建用户,角色,tenant(租户) [root@server10 ~]# keystone user-create --name admin --pass westos +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | f90b1ed5677a42b0b70544367d804222 | | name | admin | +----------+----------------------------------+ [root@server10 ~]# keystone role-create --name admin +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | ab686060308d470887911c19a8c011b4 | | name | admin | +----------+----------------------------------+ [root@server10 ~]# keystone tenant-create --name admin +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | | | enabled | True | | id | b4aa48fd47724a19a9e09eeb1d8199df | | name | admin | +-------------+----------------------------------+ 12.用户角色添加(关联上述的用户) [root@server10 ~]# keystone user-role-add --user admin --role admin --tenant admin 13.编辑kestone管理文件(自己创建) [root@server10 ~]# vim /root/keystonerc_admin export OS_USERNAME=admin export OS_TENANT_NAME=admin export OS_PASSWORD=westos export OS_AUTH_URL=http://server10.example.com:35357/v2.0/ export PS1='[\u@\h \W(keystone_admin)]\$ ' 14.清除配置,同时加载keystone加载到里面;显示keystone用户 [root@server10 ~]# unset SERVICE_TOKEN [root@server10 ~]# unset SERVICE_ENDPOINT [root@server10 ~]# source /root/keystonerc_admin [root@server10 ~(keystone_admin)]# keystone user-list +----------------------------------+-------+---------+-------+ | id | name | enabled | email | +----------------------------------+-------+---------+-------+ | f90b1ed5677a42b0b70544367d804222 | admin | True | | +----------------------------------+-------+---------+-------+ 第三节 swift 存储(在主机上添加两块盘) 1.安装swift存储代理,帐号以及容器 [root@server10 ~(keystone_admin)]# yum install -y openstack-swift-proxy openstack-swift-object openstack-swift-container openstack-swift-account memcached -y 2.创建用户以及tenant(记住所有名字一样service) [root@server10 ~(keystone_admin)]# keystone user-create --name swift --pass westos +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 2e86f4f604cd4edaa535caf8f19af9db | | name | swift | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone tenant-create --name services +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | | | enabled | True | | id | 4dd069c858834df99733119353d1c822 | | name | services | +-------------+----------------------------------+ 3.关联用户之间关系 [root@server10 ~(keystone_admin)]# keystone user-role-add --role admin --tenant services --user swift 4.服务创建 [root@server10 ~(keystone_admin)]# keystone service-create --name swift --type object-store --description "swift storage service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | swift storage service | | id | 970407c1c93248a3abe25e59e3da9108 | | name | swift | | type | object-store | +-------------+----------------------------------+ 5.定义认证的URL: [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id 970407c1c93248a3abe25e59e3da9108 \ > --publicurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" \ > --adminurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" \ > --internalurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" +-------------+--------------------------------------------------------+ | Property | Value | +-------------+--------------------------------------------------------+ | adminurl | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s | | id | 2f5a84921b3f4d2ba067f5dec2d9b529 | | internalurl | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s | | publicurl | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s | | region | regionOne | | service_id | 970407c1c93248a3abe25e59e3da9108 | +-------------+--------------------------------------------------------+ 6.查找盘符,并且创建主分区 [root@server10 ~(keystone_admin)]# fdisk -cu /dev/vdb [root@server10 ~(keystone_admin)]# fdisk -cu /dev/vdc 7.格式化分区 并且开机自动挂在(记得操作之前对文件进行备份) [root@server10 ~(keystone_admin)]# mkfs.ext4 /dev/vdb1 [root@server10 ~(keystone_admin)]# mkfs.ext4 /dev/vdc1 [root@server10 ~(keystone_admin)]# mkdir -p /srv/node/z{1,2}d1 [root@server10 etc(keystone_admin)]# cat /etc/fstab /dev/vdb1 /srv/node/z1d1 ext4 acl,user_xattr 0 0 /dev/vdc1 /srv/node/z2d1 ext4 acl,user_xattr 0 0 [root@server10 etc(keystone_admin)]# mount -a 8.编辑目录权限 [root@server10 node(keystone_admin)]# chown -R swift:swift /srv/node/ 9.编辑安全上下文 [root@server10 node(keystone_admin)]# restorecon -Rv /srv/ 将安全上下文转换成的类型修改为swift类型格式(可以实时查看) 10.编辑配置文件(可以将里面的文件都备份下/etc/swift/swift.conf(account/container/object)) [root@server10 node(keystone_admin)]# openssl rand -hex 10 ed7addafe2a3477d5e92 [root@server10 node(keystone_admin)]# cat /etc/swift/swift.conf [swift-hash] swift_hash_path_prefix = ed7addafe2a3477d5e92 swift_hash_path_suffix = ed7addafe2a3477d5e92 将三个文件的bind-ip改为自己的ip(192.168.0.110) #vim /etc/swift/container-server.conf #vim /etc/swift/account-server.conf #vim /etc/swift/object-server.conf 11.启动三个服务(开机自动启动) [root@server10 node(keystone_admin)]# chkconfig openstack-swift-container on [root@server10 node(keystone_admin)]# chkconfig openstack-swift-object on [root@server10 node(keystone_admin)]# chkconfig openstack-swift-account on 12.测试 Configure Swift Object Storage Service Rings 使用三个命令创建三个builder [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/account.builder create 12 2 1 [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/container.builder create 12 2 1 [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/object.builder create 12 2 1 执行下面命令:(有警告啊) #for i in 1 2 ; do swift-ring-builder /etc/swift/account.builder add z${i}-192.168.0.110:6002/z${i}d1 100; done #for i in 1 2 ; do swift-ring-builder /etc/swift/object.builder add z${i}-192.168.0.110:6000/z${i}d1 100; done #for i in 1 2 ; do swift-ring-builder /etc/swift/container.builder add z${i}-192.168.0.110:6001/z${i}d1 100; done 12.1使用swift-ring-builder创建负载 [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/object.builder rebalance [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/container.builder rebalance [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/account.builder rebalance [root@server10 node(keystone_admin)]# chown -R root:swift /etc/swift/ 13.启动代理服务 Deploy the Swift Object Storage Proxy Service 13.1编辑代理文件(procy-server.conf备份哦自己编写) [root@server10 node(keystone_admin)]# vim /etc/swift/proxy-server.conf [filter:authtoken] admin_tenant_name = services 注意名字的编写哦 admin_user = swift admin_password = westos auth_host = 192.168.0.110 ############# 13.2启动memcached和openstack-swift-proxy(记住开机自动启动) [root@server10 ~(keystone_admin)]# /etc/init.d/memcached start;/etc/init.d/openstack-swift-proxy start [root@server10 ~(keystone_admin)]#chkconfig memcached on;chkconfig openstack-swift-proxy on 14.创建容器: Validate the Swift Object Storage Configuration 14.1 截取1024的文件,并放置到对象存储区域(容器里面) 注意:必须得在/etc/swift目录吗 (必须的,因为是在上传目录啊发布目录) 问题:在第一次做的时候不小心把filter_authtoken 一个一个创建文件哦 [root@server10 swift(keystone_admin)]# head -c 1024 /dev/urandom > data(1,2,3).file (为了测试分别创建多个data文件实际分别创建) #swift upload c1 data1.file 直接创建容器CX并上传文件 #swift upload c1 data2.file #swift upload c1 data3.file #swift upload c2 data3.file #swift upload c3 data3.file # swift list 可以查看生成的三个容器(c1 c2 c3) # swift list c1 查看c1容器存放的数据 # swift delete c3 删除容器 # swift delete c1 data3.file 删除容器里面的对象 详情可以查看swift --help 创建区域:swift upload c1 data1.file c指的是容器 接着在/srv/node下查看,其实两块存储存放的东西是一样的(z1d1和z2d2) /srv/node/z2d1/objects 第四节 :配置Glance Image服务 1.安装openstack-glance软件 [root@server10 ~(keystone_admin)]# yum install -y openstack-glance 2.编辑配置文件 [root@server10 ~(keystone_admin)]#cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.orig [root@server10 ~(keystone_admin)]# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.orig 拷贝新的配置文件 # cp /usr/share/glance/glance-registry-dist.conf /etc/glance/glance-registry.conf 3.初始化glance服务,创建密码(通过mysql使用上面的追加) [root@server10 ~(keystone_admin)]# openstack-db --init --service glance --password westos --rootpw westos 可以登录mysql进行查看相关的数据库 4.创建用户以及关联用户关系 [root@server10 ~(keystone_admin)]# keystone user-create --name glance --pass westos +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 41be9c4c80b74ec4bc9df05636859985 | | name | glance | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone user-role-add --user glance --role admin --tenant services 5.编辑glance相关配置文件glance-api.conf [root@server10 ~(keystone_admin)]# vim /etc/glance/glance-api.conf [paste_deploy] flavor = keystone 认证方式 [keystone_authtoken] 配置认证方式 admin_tenant_name=services admin_user=glance admin_password=westos [DEFAULT] qpid_hostname = localhost 如果apid在远端可以增加IP qpid_username = qpidauth qpid_password = westos qpid_port = 5671 qpid_protocol = ssl (5671是一般的加密接口) 6.编辑配置文件/etc/glance/glance-registry.conf [paste_deploy] flavor = keystone (没空格不影响吧) [keystone_authtoken] admin_tenant_name = services admin_user = glance admin_password = westos 7.启动两个服务glance-api glance-registry #chkconfig openstack-glance-api on #chkconfig openstack-glance-registry on 查看日志,希望不要有错误 啊 # egrep 'ERROR|CRITICAL' /var/log/glance/* /var/log/glance/api.log:2014-07-30 14:09:13.298 21918 ERROR glance.store.sheepdog [-] Error in store configuration: Unexpected error while running command. 查看有一个牧羊犬错误,可以先不要管他 8.新建一个glance服务 [root@server10 ~(keystone_admin)]# keystone service-create --name glance --type image --description "glance image service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | glance image service | | id | a5806eaa7c4f4b0bac077d344b3e8c3f | | name | glance | | type | image | +-------------+----------------------------------+ 9.创建一个endpoint的URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id a5806eaa7c4f4b0bac077d344b3e8c3f \ > --publicurl http://server10.example.com:9292 \ > --adminurl http://server10.example.com:9292 \ > --internalurl http://server10.example.com:9292 +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | adminurl | http://server10.example.com:9292 | | id | 53bdf3b884724675bf9da11791bc1fbe | | internalurl | http://server10.example.com:9292 | | publicurl | http://server10.example.com:9292 | | region | regionOne | | service_id | a5806eaa7c4f4b0bac077d344b3e8c3f | +-------------+----------------------------------+ 10.上传镜像:Use glance to Upload a System Image [root@server10 ~(keystone_admin)]# glance image-create --name xxb --is-public True --disk-format qcow2 --container-format bare --copy-from http://192.168.0.254/pub/materials/small.img +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | None | | container_format | bare | | created_at | 2014-07-30T06:33:15 | | deleted | False | | deleted_at | None | | disk_format | qcow2 | | id | dd5135b4-c2ce-4c66-8b73-454705b2a310 | | is_public | True | | min_disk | 0 | | min_ram | 0 | | name | xxb | | owner | b4aa48fd47724a19a9e09eeb1d8199df | | protected | False | | size | 92908032 | | status | queued | | updated_at | 2014-07-30T06:33:15 | +------------------+--------------------------------------+ 10.1查看镜像信息 [root@server10 ~(keystone_admin)]# glance image-list +--------------------------------------+---------+-------------+------------------+-----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------+-------------+------------------+-----------+--------+ | dd5135b4-c2ce-4c66-8b73-454705b2a310 | xxb | qcow2 | bare | 92908032 | active | | 1e08ab41-58ed-457d-994e-5f8607f5bb67 | xxbandy | qcow2 | bare | 258146304 | active | +--------------------------------------+---------+-------------+------------------+-----------+--------+ 10.2删除镜像 [root@server10 ~(keystone_admin)]#glance delete ID [root@server10 ~(keystone_admin)]# glance image-show xxb 查看xxb镜像详细信息 第五节:创建块存储,用来给云主机挂在使用的a 1.安装块存储软件: [root@server10 ~(keystone_admin)]# yum install -y openstack-cinder [root@server10 ~(keystone_admin)]#cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak [root@server10 ~(keystone_admin)]#cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf 2.初始化 [root@server10 ~(keystone_admin)]# openstack-db --init --service cinder --password westos --rootpw westos # openstack-db --drop --service cinder 如果初始化错误可以使用这个删除cinder(重新执行) 3.创建相应的用户以及关联用户 [root@server10 ~(keystone_admin)]# keystone user-create --name cinder --pass westos +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 912094d6e8c54864aa2606a13daae1c9 | | name | cinder | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone user-role-add --user cinder --role admin --tenant services 4.创建卷组 [root@server10 ~(keystone_admin)]# keystone service-create --name=cinder --type=volume --description="openstack block storage service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | openstack block storage service | | id | f8fbbcec6c864ac588f70ee396bb55da | | name | cinder | | type | volume | +-------------+----------------------------------+ 5.创建cinder的URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id f8fbbcec6c864ac588f70ee396bb55da --publicurl 'http://server10.example.com:8776/v1/%(tenant_id)s' --adminurl 'http://server10.example.com:8776/v1/%(tenant_id)s' --internalurl 'http://server10.example.com:8776/v1/%(tenant_id)s' +-------------+---------------------------------------------------+ | Property | Value | +-------------+---------------------------------------------------+ | adminurl | http://server10.example.com:8776/v1/%(tenant_id)s | | id | 3116d4a05f2a4dac8dd712b10aaf4d09 | | internalurl | http://server10.example.com:8776/v1/%(tenant_id)s | | publicurl | http://server10.example.com:8776/v1/%(tenant_id)s | | region | regionOne | | service_id | f8fbbcec6c864ac588f70ee396bb55da | +-------------+---------------------------------------------------+ 6..备份配置文件,并且进行修改内存 [root@server10 ~(keystone_admin)]# cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.orig [root@server10 ~(keystone_admin)]# cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf [root@server10 ~(keystone_admin)]#vim /etc/cinder/cinder.conf [keystone_authtoken] admin_tenant_name = services admin_user = cinder admin_password = westos [DEFAULT] qpid_username = qpidauth qpid_password = westos qpid_protocol = ssl qpid_port = 5671 7.启动服务并开机子启动 [root@server10 ~(keystone_admin)]# /etc/init.d/openstack-cinder-scheduler start [root@server10 ~(keystone_admin)]#/etc/init.d/openstack-cinder-api start [root@server10 ~(keystone_admin)]# /etc/init.d/openstack-cinder-volume start 8.配置共享存储iscsi echo 'include /etc/include/volumes/*' >> /etc/tgt/targets.conf [root@server10 ~(keystone_admin)]## /etc/init.d/tgtd start [root@server10 ~(keystone_admin)]##chkconfig tgtd on 9.查看openstack的整体状态 [root@server10 ~(keystone_admin)]## openstack-status == Glance services == openstack-glance-api: active openstack-glance-registry: active == Keystone service == == Keystone users == Authorization Failed: Unable to establish connection to http://server10.example.com:35357/v2.0/tokens == Glance images == Authorization Failed: Unable to establish connection to http://server10.example.com:35357/v2.0/tokens 如果正常应该没有问题的(其实在配置过程中经常也会出现不能tokens这个问题,持续等待也许会好的。自己在做的时候也经常出现这个问题,也许就是靠人品咯) 10.创建一个卷组vol1 2G(测试逻辑卷的应用) 使用cinder工具创建一个名为vol1的逻辑卷大小2G [root@server10 ~(keystone_admin)]# cinder create --display-name vol1 2 +---------------------+--------------------------------------+ | Property | Value | +---------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | created_at | 2014-07-30T08:03:05.551543 | | display_description | None | | display_name | vol1 | | id | 7d8bde6b-4d83-439d-839a-1f9d5974d94c | | metadata | {} | | size | 2 | | snapshot_id | None | | source_volid | None | | status | creating | | volume_type | None | +---------------------+--------------------------------------+ 11.查看当前的逻辑卷大小 [root@server10 ~(keystone_admin)]#vgs [root@server10 ~(keystone_admin)]# vgs VG #PV #LV #SN Attr VSize VFree cinder-volumes 1 1 0 wz--n- 4.97g 2.97g vol0 1 2 0 wz--n- 29.97g 0 只要卷组是cinder的话就可以识别。在部署应答文件时里面就有一个块存储的卷20G #cinder list ################# 第六节 网络配置 1.创建网络 [root@server10 ~(keystone_admin)]# keystone service-create --name neutron --type network --description 'networking service' +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | networking service | | id | ffc971e1288e48df85a56291ddd9c621 | | name | neutron | | type | network | +-------------+----------------------------------+ 2.指定相应的URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id ffc971e1288e48df85a56291ddd9c621 \ > --publicurl http://server10.example.com:9696 \ > --adminurl http://server10.example.com:9696 \ > --internalurl http://server10.example.com:9696 +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | adminurl | http://server10.example.com:9696 | | id | 2af628a5043a4bb1ab7e5990305c7a84 | | internalurl | http://server10.example.com:9696 | | publicurl | http://server10.example.com:9696 | | region | regionOne | | service_id | ffc971e1288e48df85a56291ddd9c621 | +-------------+----------------------------------+ 3.创建用户以及关联相关 [root@server10 ~(keystone_admin)]# keystone user-create --name neutron --pass westos +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | e8a059a320ef4ed5973bb245e56ceb67 | | name | neutron | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone user-role-add --user neutron --role admin --tenant services 4.查看用户 [root@server10 ~(keystone_admin)]# keystone user-role-list +----------------------------------+-------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+-------+----------------------------------+----------------------------------+ | ab686060308d470887911c19a8c011b4 | admin | f90b1ed5677a42b0b70544367d804222 | b4aa48fd47724a19a9e09eeb1d8199df | +----------------------------------+-------+----------------------------------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone --os-username neutron --os-password westos --os-tenant-name services user-role-list +----------------------------------+-------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+-------+----------------------------------+----------------------------------+ | 59d0d13373894bcdb8ad06852a620117 | admin | e8a059a320ef4ed5973bb245e56ceb67 | 3a4b064f7782481fbde472d25d3e496f | +----------------------------------+-------+----------------------------------+----------------------------------+ 5.安装networking软件包 [root@server10 neutron(keystone_admin)]# yum install -y openstack-neutron openstack-neutron-openvswitch 查看下qpidd的状态 6.配置主要文件: [root@server10 neutron(keystone_admin)]# vim /etc/neutron/neutron.conf [DEFAULT] rpc_backend=neutron.openstack.common.rpc.impl_qpid qpid_hostname = 192.168.0.110 qpid_port = 5671 qpid_username = qpidauth qpid_password = westos qpid_protocol = ssl [keystone_authtoken] admin_tenant_name = services admin_user = neutron admin_password = westos [agent] root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf 7.编辑配置文件(用户admin文件cp后修改) [root@server10 ~(keystone_admin)]# cat /root/keystonerc_neutron export OS_USERNAME=neutron 修改 export OS_TENANT_NAME=services 修改 export OS_PASSWORD=westos export OS_AUTH_URL=http://server10.example.com:35357/v2.0/ export PS1='[\u@\h \W(keystone_neutron)]\$ ' 8.切换到网络用户neutron [root@server10 ~(keystone_neutron)]# yum install openstack-nova-common -y [root@server10 ~(keystone_neutron)]# neutron-server-setup --yes --rootpw westos --plugin openvswitch [root@server10 ~(keystone_neutron)]# neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini stamp head No handlers could be found for logger "neutron.common.legacy" 好像有错啊(不过没有直接报错可以不用管) 9.开启服务 [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-server start [root@server10 ~(keystone_neutron)]# chkconfig neutron-server on [root@server10 ~(keystone_neutron)]# openstack-status 发现nova没有启动,networking没有启动。继续下面的配置吧 10.配置网络 [root@server10 ~(keystone_neutron)]# neutron-node-setup --plugin openvswitch -qhost 192.168.0.110 [root@server10 ~(keystone_neutron)]# /etc/init.d/openvswitch start(chkconfig openvswitch on) 11.配置接口(br-ex br-int) [root@server10 ~(keystone_neutron)]# ovs-vsctl add-br br-int (ovs-vsctl show 查看网络接口) [root@server10 ~(keystone_neutron)]# vim /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini integration_bridge = br-int [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-openvswitch-agent start Starting neutron-openvswitch-agent: [ OK ] [root@server10 ~(keystone_neutron)]# chkconfig neutron-openvswitch-agent on [root@server10 ~(keystone_neutron)]# chkconfig neutron-ovs-cleanup on [root@server10 ~(keystone_neutron)]# neutron-dhcp-setup --plugin openvswitch --qhost 192.168.0.110 [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-dhcp-agent start Starting neutron-dhcp-agent: [ OK ] [root@server10 ~(keystone_neutron)]# chkconfig neutron-dhcp-agent on 注意在查看dhcp时有错误: [root@server10 ~(keystone_admin)]# egrep 'ERROR|CRITICAL' /var/log/neutron/dhcp-agent.log 2014-08-02 13:36:31.633 25212 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver 显示的是firewall的错误,并不是我们的服务问题哦 11.1配置对外接口 #ovs-vsctl add-br br-ex #cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br-ex #vim /etc/sysconfig/network-scripts/ifcfg-eth0 (3条:设备名;开机自启动;MAC) #vim /etc/sysconfig/network-scripts/ifcfg-br-ex (设备名;MAC取消) #ovs-vsctl add-port br-ex eth0;service network restart [root@server10 ~(keystone_neutron)]# rpm -q iproute iproute-2.6.32-130.el6ost.netns.2.x86_64 11.2配置neutron网络 [root@server10 ~(keystone_neutron)]# neutron-l3-setup --plugin openvswitch --qhost 192.168.0.110 [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-l3-agent start [root@server10 ~(keystone_neutron)]# chkconfig neutron-l3-agent on 仍然有报错啊 [root@server10 network-scripts(keystone_admin)]# egrep 'ERROR|CRITICAL' /var/log/neutron/l3-agent.log 2014-08-02 13:45:27.151 27518 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver [root@server10 ~(keystone_neutron)]# openstack-status 查看网络,网络那块有两个没有启动 == Nova services == openstack-nova-api: dead (disabled on boot) 没有开机启动 openstack-nova-compute: dead (disabled on boot) openstack-nova-network: dead (disabled on boot) openstack-nova-scheduler: dead (disabled on boot) == Glance services == 其实到这里nova的相关还是有些问题的,继续配置nova节点 ############################################################################ 第七节 nova安装 切回admin用户执行 [root@server10 ~(keystone_admin)]# yum install -y openstack-nova openstack-nova-novncproxy [root@server10 ~(keystone_admin)]# source /root/keystonerc_admin [root@server10 ~(keystone_admin)]# chown nova:nova /var/log/nova/ 初始化db数据库 [root@server10 ~(keystone_admin)]# openstack-db --init --service nova --password westos --rootpw westos 创建用户 root@server10 ~(keystone_admin)]# keystone user-create --name nova --pass westos +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | fd4f1d6540464a32b79c8e3a41ba7e70 | | name | nova | +----------+----------------------------------+ 绑定角色并且创建服务 [root@server10 ~(keystone_admin)]# keystone user-role-add --user nova --role admin --tenant services [root@server10 ~(keystone_admin)]# keystone service-create --name nova --type compute --description "openstack compute service " +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | openstack compute service | | id | 7dd84b0c66ea4cd891b11b66a1dab754 | | name | nova | | type | compute | +-------------+----------------------------------+ 创建endpoint:URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id 7dd84b0c66ea4cd891b11b66a1dab754 \ > --publicurl 'http://server10.example.com:8774/v2/%(tenant_id)s' \ > --adminurl 'http://server10.example.com:8774/v2/%(tenant_id)s' \ > --internalurl 'http://server10.example.com:8774/v2/%(tenant_id)s' +-------------+---------------------------------------------------+ | Property | Value | +-------------+---------------------------------------------------+ | adminurl | http://server10.example.com:8774/v2/%(tenant_id)s | | id | ed1ecf2502b64c9eac29f8047fad7fe5 | | internalurl | http://server10.example.com:8774/v2/%(tenant_id)s | | publicurl | http://server10.example.com:8774/v2/%(tenant_id)s | | region | regionOne | | service_id | 7dd84b0c66ea4cd891b11b66a1dab754 | +-------------+---------------------------------------------------+ 修改配置文件: [root@server10 ~(keystone_admin)]# vim /etc/nova/api-paste.ini [filter:authtoken] 配置的最后部分 admin_tenant_name = services admin_user = nova admin_password = westos auth_host = 192.168.0.110 [root@server10 ~(keystone_admin)]# vim /etc/nova/nova.conf qpid_hostname=192.168.0.110 qpid_port=5671 qpid_username=qpidauth qpid_password=westos qpid_protocol=ssl vncserver_listen=192.168.0.110 vncserver_proxyclient_address=192.168.0.110 libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver auth_strategy = keystone libvirt_type=qemu libvirt_cpu_mode=none verbose=true api_paste_config=api-paste.ini (# for i in /etc/init.d/openstack-nova*;do $i restart;done) #/etc/init.d/libvirtd start #/etc/init.d/openstack-nova-api start #/etc/init.d/openstack-nova-compute start #/etc/init.d/openstack-nova-conductor start #/etc/init.d/openstack-nova-consoleauth start #/etc/init.d/openstack-nova-novncproxy start #/etc/init.d/openstack-nova-scheduler start [root@server10 ~(keystone_admin)]# chkconfig libvirtd on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-api on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-compute on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-conductor on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-consoleauth on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-novncproxy on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-scheduler on [root@server10 ~(keystone_admin)]# openstack-status == Nova services == 相应的服务都会启动了active状态 == Keystone users == +----------------------------------+---------+---------+-------+ | id | name | enabled | email | +----------------------------------+---------+---------+-------+ | f90b1ed5677a42b0b70544367d804222 | admin | True | | | 912094d6e8c54864aa2606a13daae1c9 | cinder | True | | | 41be9c4c80b74ec4bc9df05636859985 | glance | True | | | fd4f1d6540464a32b79c8e3a41ba7e70 | nova | True | | | 2ea05745a8684da2bcd7ec12fa522cac | quantum | True | | | 2e86f4f604cd4edaa535caf8f19af9db | swift | True | | +----------------------------------+---------+---------+-------+ == Glance images == +--------------------------------------+---------+-------------+------------------+-----------+--------+ | ID | Name | Disk Format | Container Format | Size | Status | +--------------------------------------+---------+-------------+------------------+-----------+--------+ | dd5135b4-c2ce-4c66-8b73-454705b2a310 | xxb | qcow2 | bare | 92908032 | active | | 1e08ab41-58ed-457d-994e-5f8607f5bb67 | xxbandy | qcow2 | bare | 258146304 | active | +--------------------------------------+---------+-------------+------------------+-----------+--------+ == Nova managed services == +------------------+----------------------+----------+---------+-------+----------------------------+-----------------+ | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +------------------+----------------------+----------+---------+-------+----------------------------+-----------------+ | nova-conductor | server10.example.com | internal | enabled | up | 2014-08-02T09:49:44.000000 | None | | nova-compute | server10.example.com | nova | enabled | up | 2014-08-02T09:49:44.000000 | None | | nova-consoleauth | server10.example.com | internal | enabled | up | 2014-08-02T09:49:46.000000 | None | | nova-scheduler | server10.example.com | internal | enabled | up | 2014-08-02T09:49:39.000000 | None | | nova-cells | server10.example.com | internal | enabled | up | 2014-08-02T09:49:43.000000 | None | | nova-console | server10.example.com | internal | enabled | up | 2014-08-02T09:49:45.000000 | None | | nova-network | server10.example.com | internal | enabled | up | 2014-08-02T09:49:38.000000 | None | | nova-cert | server10.example.com | internal | enabled | up | 2014-08-02T09:49:43.000000 | None | +------------------+----------------------+----------+---------+-------+----------------------------+-----------------+ == Nova networks == == Nova instance flavors == +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True | | 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | | 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | | 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | | 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ == Nova instances == 所有检查OK! 如果能够到这步检查没有错误就可以放心的进行下面了。。 第八节 安装dashboard [root@server10 ~(keystone_admin)]# yum install mod_wsgi httpd mod_ssl openstack-dashboard python-memcached -y 配置dashboard配置 [root@server10 ~(keystone_admin)]# vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = "192.168.0.110" ALLOWED_HOSTS = ['server10example.com', 'localhost','192.168.0.110'] CACHE_BACKEND = 'memcached://127.0.0.1:11211' [root@server10 ~(keystone_admin)]# source /root/keystonerc_admin [root@server10 ~(keystone_admin)]# keystone role-list +----------------------------------+----------+ | id | name | +----------------------------------+----------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | ab686060308d470887911c19a8c011b4 | admin | +----------------------------------+----------+ [root@server10 ~(keystone_admin)]# keystone role-create --name Member 创建一个成员角色 +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | id | 9fcca6054e0f45dc8bfb804219199e71 | | name | Member | +----------+----------------------------------+ 设置apache能够正确访问selinux规则 [root@server10 ~(keystone_admin)]# setsebool -P httpd_can_network_connect on [root@server10 ~(keystone_admin)]# /etc/init.d/httpd restart [root@server10 ~(keystone_admin)]# chkconfig httpd on 登录 https://server10.example.com/dashboard (username=admin passwd=westos) 如果不能登录就修改下面的文件(提示权限问题) #cd /var/lib/openstack-dashboard/ [root@server10 openstack-dashboard(keystone_admin)]# chown apache:apache .secret_key_store 重新登录:就可以进入界面了!!!
当然进去后会发现很多项目服务是空的,那么就需要我们按照第一天的步骤来一步步创建其他服务了。
更多高级配置请继续关注!