Openstack平台搭建之第二天

Openstack平台搭建之第二天

If you have any question ,please contact me by weichuangxxb@sina.cn or 371990778(qq).

环境准备: RHEL6.5 内存4G 硬盘70G yum源的制定(分别制定三个yum源,其中前面三个是自己本地定制的yum源) baseurl=ftp://instructor.example.com/pub/rhel6.5/Server baseurl=ftp://instructor.example.com/pub/errata baseurl=http://instructor.example.com/pub/OpenStack/ baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/ baseurl=ftp://ftp.redhat.com/pub/redhat/linux/beta/$releasever/en/os/SRPMS/ #yum update -y ; reboot 第一节:qpid通信节点安装 2.安装qpid [root@server10 ~]# yum install -y qpid-cpp-server qpid-cpp-server-ssl cyrus-sasl-md5 3.创建用户 -f制定密码文件 -u 制定用户信息  以及db信息 [root@server10 ~]# saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID qpidauth [root@server10 ~]# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb qpidauth@QPID: userPassword 4.创建认证文件 acl(默认不存在) [root@server10 ~]# echo 'acl allow qpidauth@QPID all all' > /etc/qpid/qpidauth.acl 5.读取acl文件  后台进程qpidd [root@server10 ~]# echo "QPIDD_OPTIONS='--acl-file /etc/qpid/qpidauth.acl'" >> /etc/sysconfig/qpidd 6.修改权限 root@server10 ~]# chown qpidd /etc/qpid/qpidauth.acl [root@server10 ~]# chmod 600 /etc/qpid/qpidauth.acl 7.修改/etc/qpidd.conf cluster-mechanism=DIGEST-MD5 auth=yes 8.创建独立的pki(目录权限) [root@server10 ~]# mkdir  /etc/pki/tls/qpid [root@server10 ~]# chmod 700 /etc/pki/tls/qpid/ [root@server10 ~]# chown qpidd /etc/pki/tls/qpid/ 查看qpidd用户(在安装软件的时候已经创建了) 9.增加密码和权限 [root@server10 ~]# echo westos > /etc/qpid/qpid.pass [root@server10 ~]# chmod 600 /etc/qpid/qpid.pass [root@server10 ~]# chown qpidd /etc/qpid/qpid.pass 10.生成认证证书(certutil) [root@server10 ~]# echo $HOSTNAME server10.example.com [root@server10 ~]# certutil -N -d /etc/pki/tls/qpid/ -f /etc/qpid/qpid.pass 注意查看/etc/pki/tls/qpid/目录下生成的文件(权限没有哦) 11制定加密序列 -n制定全主机名 (注意生成文件的权限) [root@server10 ~]# certutil -S -d /etc/pki/tls/qpid/ -n server10.example.com -s "CN=server10.example.com" -t "CT,," -x -f /etc/qpid/qpid.pass -z /usr/bin/certutil [root@server10 tls]# chown -R qpidd qpid/ 12.在主配置文件中制定相关的db,name以及pd (启动qpidd后进行查看日志) [root@server10 ~]#vim /etc/qpidd.conf ssl-cert-db=/etc/pki/tls/qpid ssl-cert-name=server10.example.com ssl-cert-password-file=/etc/qpid/qpid.pass require-encryption=yes [root@server10 ~]# /etc/init.d/qpidd restart [root@server10 ~]# tail -f /var/log/messages      显示正在running(h好像有个密码错误啊) [root@server10 ~]# chkconfig qpidd on ################ 第二节:身份识别系统:identity(全局使用) 1.安装keystone以及相关 [root@server10 ~]# yum install openstack-keystone openstack-selinux openstack-utils -y 2.初始话服务,向数据库中导入db文件(默认不会安装mysql'服务) [root@server10 ~]# openstack-db --init --service keystone      需要安装mysql服务并进行配置 3.创建keystone用户和密码(其实就是向数据库导入文件,也可以自己使用openssl导入) [root@server10 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone 4.修改相应ssl的权限(/etc/keystone/ssl) [root@server10 ~]# chown -R keystone:keystone /etc/keystone/ssl/ 5.生成认证文件并且额导入: [root@server10 ~]# openssl rand -hex 10             使用openssl加密前10 a030068247b339b52f37 [root@server10 ~]# echo a030068247b339b52f37 > /root/ks_admin_token [root@server10 ~]# cat ks_admin_token a030068247b339b52f37 [root@server10 ~]# export SERVICE_TOKEN=a030068247b339b52f37 6.导入到文件 [root@server10 ~]# export SERVICE_ENDPOINT=http://server10.example.com:35357/v2.0 7.配置keystone文件 [root@server10 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN [root@server10 ~]# vim /etc/keystone/keystone.conf   (删除一个default) 8.启动keystone(开机启动) [root@server10 ~]# /etc/init.d/openstack-keystone restart [root@server10 ~]# chkconfig openstack-keystone on 注意:启动后注意查看有没有报错啊,查看启动端口 [root@server10 ~]# grep ERROR /var/log/keystone/keystone.log 9.创建keystone服务(id) [root@server10 ~]# keystone service-create --name=keystone --type=identity --description="keystone identity service" +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description |    keystone identity service     | |      id     | 5a1d8b6901f6450fa5b063e6a002601c | |     name    |             keystone             | |     type    |             identity             | +-------------+----------------------------------+ 注意:ID唯一哦 10.创建接口(外部 内部 管理接口) [root@server10 ~]# keystone endpoint-create --service-id 5a1d8b6901f6450fa5b063e6a002601c \ > --publicurl 'http://server10.example.com:5000/v2.0' \ > --adminurl 'http://server10.example.com:35357/v2.0' \ > --internalurl 'http://server10.example.com:5000/v2.0' +-------------+----------------------------------------+ |   Property  |                 Value                  | +-------------+----------------------------------------+ |   adminurl  | http://server10.example.com:35357/v2.0 | |      id     |    714dbd31a3bd45feafa7ca3539525fb2    | | internalurl | http://server10.example.com:5000/v2.0  | |  publicurl  | http://server10.example.com:5000/v2.0  | |    region   |               regionOne                | |  service_id |    5a1d8b6901f6450fa5b063e6a002601c    | +-------------+----------------------------------------+ 11.创建用户,角色,tenant(租户) [root@server10 ~]# keystone user-create --name admin --pass westos +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |  email   |                                  | | enabled  |               True               | |    id    | f90b1ed5677a42b0b70544367d804222 | |   name   |              admin               | +----------+----------------------------------+ [root@server10 ~]# keystone role-create --name admin +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |    id    | ab686060308d470887911c19a8c011b4 | |   name   |              admin               | +----------+----------------------------------+ [root@server10 ~]# keystone tenant-create --name admin +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description |                                  | |   enabled   |               True               | |      id     | b4aa48fd47724a19a9e09eeb1d8199df | |     name    |              admin               | +-------------+----------------------------------+ 12.用户角色添加(关联上述的用户) [root@server10 ~]# keystone user-role-add --user admin --role admin --tenant admin 13.编辑kestone管理文件(自己创建) [root@server10 ~]# vim /root/keystonerc_admin export OS_USERNAME=admin export OS_TENANT_NAME=admin export OS_PASSWORD=westos export OS_AUTH_URL=http://server10.example.com:35357/v2.0/ export PS1='[\u@\h \W(keystone_admin)]\$ ' 14.清除配置,同时加载keystone加载到里面;显示keystone用户 [root@server10 ~]# unset SERVICE_TOKEN [root@server10 ~]# unset SERVICE_ENDPOINT [root@server10 ~]# source /root/keystonerc_admin [root@server10 ~(keystone_admin)]# keystone user-list +----------------------------------+-------+---------+-------+ |                id                |  name | enabled | email | +----------------------------------+-------+---------+-------+ | f90b1ed5677a42b0b70544367d804222 | admin |   True  |       | +----------------------------------+-------+---------+-------+ 第三节 swift 存储(在主机上添加两块盘) 1.安装swift存储代理,帐号以及容器 [root@server10 ~(keystone_admin)]# yum install -y openstack-swift-proxy openstack-swift-object openstack-swift-container openstack-swift-account memcached -y 2.创建用户以及tenant(记住所有名字一样service) [root@server10 ~(keystone_admin)]# keystone user-create --name swift --pass westos +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |  email   |                                  | | enabled  |               True               | |    id    | 2e86f4f604cd4edaa535caf8f19af9db | |   name   |              swift               | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone tenant-create --name services +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description |                                  | |   enabled   |               True               | |      id     | 4dd069c858834df99733119353d1c822 | |     name    |             services             | +-------------+----------------------------------+ 3.关联用户之间关系 [root@server10 ~(keystone_admin)]# keystone user-role-add --role admin --tenant services --user swift 4.服务创建 [root@server10 ~(keystone_admin)]# keystone service-create --name swift --type object-store --description "swift storage service" +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description |      swift storage service       | |      id     | 970407c1c93248a3abe25e59e3da9108 | |     name    |              swift               | |     type    |           object-store           | +-------------+----------------------------------+ 5.定义认证的URL: [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id 970407c1c93248a3abe25e59e3da9108 \ > --publicurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" \ > --adminurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" \ > --internalurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" +-------------+--------------------------------------------------------+ |   Property  |                         Value                          | +-------------+--------------------------------------------------------+ |   adminurl  | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s | |      id     |            2f5a84921b3f4d2ba067f5dec2d9b529            | | internalurl | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s | |  publicurl  | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s | |    region   |                       regionOne                        | |  service_id |            970407c1c93248a3abe25e59e3da9108            | +-------------+--------------------------------------------------------+ 6.查找盘符,并且创建主分区 [root@server10 ~(keystone_admin)]# fdisk -cu /dev/vdb [root@server10 ~(keystone_admin)]# fdisk -cu /dev/vdc 7.格式化分区  并且开机自动挂在(记得操作之前对文件进行备份) [root@server10 ~(keystone_admin)]# mkfs.ext4 /dev/vdb1 [root@server10 ~(keystone_admin)]# mkfs.ext4 /dev/vdc1 [root@server10 ~(keystone_admin)]# mkdir -p /srv/node/z{1,2}d1 [root@server10 etc(keystone_admin)]# cat /etc/fstab /dev/vdb1        /srv/node/z1d1        ext4     acl,user_xattr 0 0 /dev/vdc1        /srv/node/z2d1        ext4     acl,user_xattr 0 0 [root@server10 etc(keystone_admin)]# mount -a 8.编辑目录权限 [root@server10 node(keystone_admin)]# chown -R swift:swift /srv/node/ 9.编辑安全上下文 [root@server10 node(keystone_admin)]# restorecon -Rv /srv/ 将安全上下文转换成的类型修改为swift类型格式(可以实时查看) 10.编辑配置文件(可以将里面的文件都备份下/etc/swift/swift.conf(account/container/object)) [root@server10 node(keystone_admin)]# openssl rand -hex 10 ed7addafe2a3477d5e92 [root@server10 node(keystone_admin)]# cat /etc/swift/swift.conf [swift-hash] swift_hash_path_prefix = ed7addafe2a3477d5e92 swift_hash_path_suffix = ed7addafe2a3477d5e92 将三个文件的bind-ip改为自己的ip(192.168.0.110) #vim /etc/swift/container-server.conf #vim /etc/swift/account-server.conf #vim /etc/swift/object-server.conf 11.启动三个服务(开机自动启动) [root@server10 node(keystone_admin)]# chkconfig openstack-swift-container on [root@server10 node(keystone_admin)]# chkconfig openstack-swift-object on [root@server10 node(keystone_admin)]# chkconfig openstack-swift-account on 12.测试 Configure Swift Object Storage Service Rings 使用三个命令创建三个builder [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/account.builder create 12 2 1 [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/container.builder create 12 2 1 [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/object.builder create 12 2 1 执行下面命令:(有警告啊) #for i in 1 2 ; do  swift-ring-builder /etc/swift/account.builder add z${i}-192.168.0.110:6002/z${i}d1 100; done #for i in 1 2 ; do  swift-ring-builder /etc/swift/object.builder add z${i}-192.168.0.110:6000/z${i}d1 100; done #for i in 1 2 ; do  swift-ring-builder /etc/swift/container.builder add z${i}-192.168.0.110:6001/z${i}d1 100; done 12.1使用swift-ring-builder创建负载 [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/object.builder rebalance [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/container.builder rebalance [root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/account.builder rebalance [root@server10 node(keystone_admin)]# chown -R root:swift /etc/swift/ 13.启动代理服务 Deploy the Swift Object Storage Proxy Service 13.1编辑代理文件(procy-server.conf备份哦自己编写) [root@server10 node(keystone_admin)]# vim /etc/swift/proxy-server.conf [filter:authtoken] admin_tenant_name = services   注意名字的编写哦 admin_user = swift admin_password = westos auth_host = 192.168.0.110 ############# 13.2启动memcached和openstack-swift-proxy(记住开机自动启动) [root@server10 ~(keystone_admin)]# /etc/init.d/memcached start;/etc/init.d/openstack-swift-proxy start [root@server10 ~(keystone_admin)]#chkconfig memcached on;chkconfig openstack-swift-proxy on 14.创建容器: Validate the Swift Object Storage Configuration 14.1 截取1024的文件,并放置到对象存储区域(容器里面) 注意:必须得在/etc/swift目录吗    (必须的,因为是在上传目录啊发布目录) 问题:在第一次做的时候不小心把filter_authtoken 一个一个创建文件哦 [root@server10 swift(keystone_admin)]# head -c 1024 /dev/urandom > data(1,2,3).file  (为了测试分别创建多个data文件实际分别创建) #swift upload c1 data1.file           直接创建容器CX并上传文件 #swift upload c1 data2.file #swift upload c1 data3.file #swift upload c2 data3.file #swift upload c3 data3.file # swift list   可以查看生成的三个容器(c1 c2 c3) # swift list c1   查看c1容器存放的数据 # swift delete c3              删除容器 # swift delete c1 data3.file          删除容器里面的对象 详情可以查看swift --help 创建区域:swift upload c1 data1.file c指的是容器 接着在/srv/node下查看,其实两块存储存放的东西是一样的(z1d1和z2d2) /srv/node/z2d1/objects 第四节 :配置Glance Image服务 1.安装openstack-glance软件  [root@server10 ~(keystone_admin)]# yum install -y openstack-glance 2.编辑配置文件 [root@server10 ~(keystone_admin)]#cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.orig [root@server10 ~(keystone_admin)]# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.orig 拷贝新的配置文件 # cp /usr/share/glance/glance-registry-dist.conf /etc/glance/glance-registry.conf 3.初始化glance服务,创建密码(通过mysql使用上面的追加) [root@server10 ~(keystone_admin)]# openstack-db --init --service glance --password westos --rootpw westos 可以登录mysql进行查看相关的数据库 4.创建用户以及关联用户关系 [root@server10 ~(keystone_admin)]# keystone user-create --name glance --pass westos +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |  email   |                                  | | enabled  |               True               | |    id    | 41be9c4c80b74ec4bc9df05636859985 | |   name   |              glance              | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone user-role-add --user glance --role admin --tenant services 5.编辑glance相关配置文件glance-api.conf [root@server10 ~(keystone_admin)]# vim /etc/glance/glance-api.conf [paste_deploy] flavor = keystone               认证方式 [keystone_authtoken]            配置认证方式 admin_tenant_name=services admin_user=glance admin_password=westos [DEFAULT] qpid_hostname = localhost              如果apid在远端可以增加IP qpid_username = qpidauth qpid_password = westos qpid_port = 5671 qpid_protocol = ssl  (5671是一般的加密接口) 6.编辑配置文件/etc/glance/glance-registry.conf [paste_deploy] flavor = keystone  (没空格不影响吧) [keystone_authtoken] admin_tenant_name = services admin_user = glance admin_password = westos 7.启动两个服务glance-api glance-registry #chkconfig openstack-glance-api on #chkconfig openstack-glance-registry on 查看日志,希望不要有错误 啊 # egrep 'ERROR|CRITICAL' /var/log/glance/* /var/log/glance/api.log:2014-07-30 14:09:13.298 21918 ERROR glance.store.sheepdog [-] Error in store configuration: Unexpected error while running command. 查看有一个牧羊犬错误,可以先不要管他 8.新建一个glance服务 [root@server10 ~(keystone_admin)]# keystone service-create --name glance --type image --description "glance image service" +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description |       glance image service       | |      id     | a5806eaa7c4f4b0bac077d344b3e8c3f | |     name    |              glance              | |     type    |              image               | +-------------+----------------------------------+ 9.创建一个endpoint的URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id a5806eaa7c4f4b0bac077d344b3e8c3f \ > --publicurl http://server10.example.com:9292 \ > --adminurl http://server10.example.com:9292 \ > --internalurl http://server10.example.com:9292 +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ |   adminurl  | http://server10.example.com:9292 | |      id     | 53bdf3b884724675bf9da11791bc1fbe | | internalurl | http://server10.example.com:9292 | |  publicurl  | http://server10.example.com:9292 | |    region   |            regionOne             | |  service_id | a5806eaa7c4f4b0bac077d344b3e8c3f | +-------------+----------------------------------+ 10.上传镜像:Use glance to Upload a System Image [root@server10 ~(keystone_admin)]# glance image-create --name xxb --is-public True --disk-format qcow2 --container-format bare --copy-from http://192.168.0.254/pub/materials/small.img +------------------+--------------------------------------+ | Property         | Value                                | +------------------+--------------------------------------+ | checksum         | None                                 | | container_format | bare                                 | | created_at       | 2014-07-30T06:33:15                  | | deleted          | False                                | | deleted_at       | None                                 | | disk_format      | qcow2                                | | id               | dd5135b4-c2ce-4c66-8b73-454705b2a310 | | is_public        | True                                 | | min_disk         | 0                                    | | min_ram          | 0                                    | | name             | xxb                                  | | owner            | b4aa48fd47724a19a9e09eeb1d8199df     | | protected        | False                                | | size             | 92908032                             | | status           | queued                               | | updated_at       | 2014-07-30T06:33:15                  | +------------------+--------------------------------------+ 10.1查看镜像信息 [root@server10 ~(keystone_admin)]# glance image-list +--------------------------------------+---------+-------------+------------------+-----------+--------+ | ID                                   | Name    | Disk Format | Container Format | Size      | Status | +--------------------------------------+---------+-------------+------------------+-----------+--------+ | dd5135b4-c2ce-4c66-8b73-454705b2a310 | xxb     | qcow2       | bare             | 92908032  | active | | 1e08ab41-58ed-457d-994e-5f8607f5bb67 | xxbandy | qcow2       | bare             | 258146304 | active | +--------------------------------------+---------+-------------+------------------+-----------+--------+ 10.2删除镜像 [root@server10 ~(keystone_admin)]#glance delete ID [root@server10 ~(keystone_admin)]# glance image-show xxb            查看xxb镜像详细信息 第五节:创建块存储,用来给云主机挂在使用的a 1.安装块存储软件: [root@server10 ~(keystone_admin)]# yum install -y openstack-cinder [root@server10 ~(keystone_admin)]#cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak [root@server10 ~(keystone_admin)]#cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf 2.初始化 [root@server10 ~(keystone_admin)]# openstack-db --init --service cinder --password westos --rootpw westos # openstack-db --drop  --service cinder            如果初始化错误可以使用这个删除cinder(重新执行) 3.创建相应的用户以及关联用户 [root@server10 ~(keystone_admin)]# keystone user-create --name cinder --pass westos +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |  email   |                                  | | enabled  |               True               | |    id    | 912094d6e8c54864aa2606a13daae1c9 | |   name   |              cinder              | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone user-role-add --user cinder --role admin --tenant services 4.创建卷组 [root@server10 ~(keystone_admin)]# keystone service-create --name=cinder --type=volume --description="openstack block storage service" +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description | openstack block storage service  | |      id     | f8fbbcec6c864ac588f70ee396bb55da | |     name    |              cinder              | |     type    |              volume              | +-------------+----------------------------------+ 5.创建cinder的URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id f8fbbcec6c864ac588f70ee396bb55da --publicurl 'http://server10.example.com:8776/v1/%(tenant_id)s' --adminurl 'http://server10.example.com:8776/v1/%(tenant_id)s' --internalurl 'http://server10.example.com:8776/v1/%(tenant_id)s' +-------------+---------------------------------------------------+ |   Property  |                       Value                       | +-------------+---------------------------------------------------+ |   adminurl  | http://server10.example.com:8776/v1/%(tenant_id)s | |      id     |          3116d4a05f2a4dac8dd712b10aaf4d09         | | internalurl | http://server10.example.com:8776/v1/%(tenant_id)s | |  publicurl  | http://server10.example.com:8776/v1/%(tenant_id)s | |    region   |                     regionOne                     | |  service_id |          f8fbbcec6c864ac588f70ee396bb55da         | +-------------+---------------------------------------------------+ 6..备份配置文件,并且进行修改内存 [root@server10 ~(keystone_admin)]# cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.orig [root@server10 ~(keystone_admin)]# cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf [root@server10 ~(keystone_admin)]#vim /etc/cinder/cinder.conf [keystone_authtoken] admin_tenant_name = services admin_user = cinder admin_password = westos [DEFAULT] qpid_username = qpidauth qpid_password = westos qpid_protocol = ssl qpid_port = 5671 7.启动服务并开机子启动 [root@server10 ~(keystone_admin)]# /etc/init.d/openstack-cinder-scheduler start [root@server10 ~(keystone_admin)]#/etc/init.d/openstack-cinder-api start [root@server10 ~(keystone_admin)]# /etc/init.d/openstack-cinder-volume start 8.配置共享存储iscsi echo 'include /etc/include/volumes/*' >> /etc/tgt/targets.conf [root@server10 ~(keystone_admin)]## /etc/init.d/tgtd start [root@server10 ~(keystone_admin)]##chkconfig tgtd on 9.查看openstack的整体状态 [root@server10 ~(keystone_admin)]## openstack-status == Glance services == openstack-glance-api:                   active openstack-glance-registry:              active == Keystone service == == Keystone users == Authorization Failed: Unable to establish connection to http://server10.example.com:35357/v2.0/tokens == Glance images == Authorization Failed: Unable to establish connection to http://server10.example.com:35357/v2.0/tokens 如果正常应该没有问题的(其实在配置过程中经常也会出现不能tokens这个问题,持续等待也许会好的。自己在做的时候也经常出现这个问题,也许就是靠人品咯) 10.创建一个卷组vol1 2G(测试逻辑卷的应用) 使用cinder工具创建一个名为vol1的逻辑卷大小2G [root@server10 ~(keystone_admin)]# cinder create --display-name vol1 2    +---------------------+--------------------------------------+ |       Property      |                Value                 | +---------------------+--------------------------------------+ |     attachments     |                  []                  | |  availability_zone  |                 nova                 | |       bootable      |                false                 | |      created_at     |      2014-07-30T08:03:05.551543      | | display_description |                 None                 | |     display_name    |                 vol1                 | |          id         | 7d8bde6b-4d83-439d-839a-1f9d5974d94c | |       metadata      |                  {}                  | |         size        |                  2                   | |     snapshot_id     |                 None                 | |     source_volid    |                 None                 | |        status       |               creating               | |     volume_type     |                 None                 | +---------------------+--------------------------------------+ 11.查看当前的逻辑卷大小 [root@server10 ~(keystone_admin)]#vgs [root@server10 ~(keystone_admin)]# vgs   VG             #PV #LV #SN Attr   VSize  VFree   cinder-volumes   1   1   0 wz--n-  4.97g 2.97g   vol0             1   2   0 wz--n- 29.97g    0 只要卷组是cinder的话就可以识别。在部署应答文件时里面就有一个块存储的卷20G #cinder list ################# 第六节  网络配置 1.创建网络 [root@server10 ~(keystone_admin)]# keystone service-create --name neutron --type network --description 'networking service' +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description |        networking service        | |      id     | ffc971e1288e48df85a56291ddd9c621 | |     name    |             neutron              | |     type    |             network              | +-------------+----------------------------------+ 2.指定相应的URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id ffc971e1288e48df85a56291ddd9c621 \ > --publicurl http://server10.example.com:9696 \ > --adminurl http://server10.example.com:9696 \ > --internalurl http://server10.example.com:9696 +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ |   adminurl  | http://server10.example.com:9696 | |      id     | 2af628a5043a4bb1ab7e5990305c7a84 | | internalurl | http://server10.example.com:9696 | |  publicurl  | http://server10.example.com:9696 | |    region   |            regionOne             | |  service_id | ffc971e1288e48df85a56291ddd9c621 | +-------------+----------------------------------+ 3.创建用户以及关联相关 [root@server10 ~(keystone_admin)]# keystone user-create --name neutron --pass westos +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |  email   |                                  | | enabled  |               True               | |    id    | e8a059a320ef4ed5973bb245e56ceb67 | |   name   |             neutron              | +----------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone user-role-add --user neutron --role admin --tenant services 4.查看用户 [root@server10 ~(keystone_admin)]# keystone user-role-list +----------------------------------+-------+----------------------------------+----------------------------------+ |                id                |  name |             user_id              |            tenant_id             | +----------------------------------+-------+----------------------------------+----------------------------------+ | ab686060308d470887911c19a8c011b4 | admin | f90b1ed5677a42b0b70544367d804222 | b4aa48fd47724a19a9e09eeb1d8199df | +----------------------------------+-------+----------------------------------+----------------------------------+ [root@server10 ~(keystone_admin)]# keystone --os-username neutron --os-password westos --os-tenant-name services user-role-list +----------------------------------+-------+----------------------------------+----------------------------------+ |                id                |  name |             user_id              |            tenant_id             | +----------------------------------+-------+----------------------------------+----------------------------------+ | 59d0d13373894bcdb8ad06852a620117 | admin | e8a059a320ef4ed5973bb245e56ceb67 | 3a4b064f7782481fbde472d25d3e496f | +----------------------------------+-------+----------------------------------+----------------------------------+ 5.安装networking软件包 [root@server10 neutron(keystone_admin)]# yum install -y openstack-neutron openstack-neutron-openvswitch 查看下qpidd的状态 6.配置主要文件: [root@server10 neutron(keystone_admin)]# vim /etc/neutron/neutron.conf [DEFAULT] rpc_backend=neutron.openstack.common.rpc.impl_qpid qpid_hostname = 192.168.0.110 qpid_port = 5671 qpid_username = qpidauth qpid_password = westos qpid_protocol = ssl [keystone_authtoken]  admin_tenant_name = services  admin_user = neutron  admin_password = westos [agent] root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf 7.编辑配置文件(用户admin文件cp后修改) [root@server10 ~(keystone_admin)]# cat /root/keystonerc_neutron export OS_USERNAME=neutron    修改 export OS_TENANT_NAME=services  修改 export OS_PASSWORD=westos export OS_AUTH_URL=http://server10.example.com:35357/v2.0/ export PS1='[\u@\h \W(keystone_neutron)]\$ ' 8.切换到网络用户neutron [root@server10 ~(keystone_neutron)]# yum install openstack-nova-common -y [root@server10 ~(keystone_neutron)]# neutron-server-setup --yes --rootpw westos --plugin openvswitch [root@server10 ~(keystone_neutron)]# neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini stamp head No handlers could be found for logger "neutron.common.legacy"            好像有错啊(不过没有直接报错可以不用管) 9.开启服务 [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-server start [root@server10 ~(keystone_neutron)]# chkconfig neutron-server on [root@server10 ~(keystone_neutron)]# openstack-status 发现nova没有启动,networking没有启动。继续下面的配置吧 10.配置网络 [root@server10 ~(keystone_neutron)]# neutron-node-setup --plugin openvswitch -qhost 192.168.0.110 [root@server10 ~(keystone_neutron)]# /etc/init.d/openvswitch start(chkconfig openvswitch on) 11.配置接口(br-ex br-int) [root@server10 ~(keystone_neutron)]# ovs-vsctl add-br br-int   (ovs-vsctl show 查看网络接口) [root@server10 ~(keystone_neutron)]# vim /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini integration_bridge = br-int [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-openvswitch-agent start Starting neutron-openvswitch-agent:                        [  OK  ] [root@server10 ~(keystone_neutron)]# chkconfig neutron-openvswitch-agent on [root@server10 ~(keystone_neutron)]# chkconfig neutron-ovs-cleanup on [root@server10 ~(keystone_neutron)]# neutron-dhcp-setup --plugin openvswitch --qhost 192.168.0.110 [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-dhcp-agent start Starting neutron-dhcp-agent:                               [  OK  ] [root@server10 ~(keystone_neutron)]# chkconfig neutron-dhcp-agent on 注意在查看dhcp时有错误: [root@server10 ~(keystone_admin)]# egrep 'ERROR|CRITICAL' /var/log/neutron/dhcp-agent.log 2014-08-02 13:36:31.633 25212 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver 显示的是firewall的错误,并不是我们的服务问题哦 11.1配置对外接口 #ovs-vsctl add-br br-ex #cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br-ex #vim /etc/sysconfig/network-scripts/ifcfg-eth0 (3条:设备名;开机自启动;MAC) #vim /etc/sysconfig/network-scripts/ifcfg-br-ex (设备名;MAC取消) #ovs-vsctl add-port br-ex eth0;service network restart [root@server10 ~(keystone_neutron)]# rpm -q iproute iproute-2.6.32-130.el6ost.netns.2.x86_64 11.2配置neutron网络 [root@server10 ~(keystone_neutron)]# neutron-l3-setup --plugin openvswitch --qhost 192.168.0.110 [root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-l3-agent start [root@server10 ~(keystone_neutron)]# chkconfig neutron-l3-agent on 仍然有报错啊 [root@server10 network-scripts(keystone_admin)]# egrep 'ERROR|CRITICAL' /var/log/neutron/l3-agent.log 2014-08-02 13:45:27.151 27518 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver [root@server10 ~(keystone_neutron)]# openstack-status                 查看网络,网络那块有两个没有启动 == Nova services == openstack-nova-api:                     dead      (disabled on boot)     没有开机启动 openstack-nova-compute:                 dead      (disabled on boot) openstack-nova-network:                 dead      (disabled on boot) openstack-nova-scheduler:               dead      (disabled on boot) == Glance services == 其实到这里nova的相关还是有些问题的,继续配置nova节点 ############################################################################ 第七节 nova安装 切回admin用户执行 [root@server10 ~(keystone_admin)]# yum install -y openstack-nova openstack-nova-novncproxy [root@server10 ~(keystone_admin)]# source /root/keystonerc_admin [root@server10 ~(keystone_admin)]# chown nova:nova /var/log/nova/ 初始化db数据库 [root@server10 ~(keystone_admin)]# openstack-db --init --service nova --password westos --rootpw westos 创建用户 root@server10 ~(keystone_admin)]# keystone user-create --name nova --pass westos +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |  email   |                                  | | enabled  |               True               | |    id    | fd4f1d6540464a32b79c8e3a41ba7e70 | |   name   |               nova               | +----------+----------------------------------+ 绑定角色并且创建服务 [root@server10 ~(keystone_admin)]# keystone user-role-add --user nova --role admin --tenant services [root@server10 ~(keystone_admin)]# keystone service-create --name nova --type compute --description "openstack compute service " +-------------+----------------------------------+ |   Property  |              Value               | +-------------+----------------------------------+ | description |    openstack compute service     | |      id     | 7dd84b0c66ea4cd891b11b66a1dab754 | |     name    |               nova               | |     type    |             compute              | +-------------+----------------------------------+ 创建endpoint:URL [root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id 7dd84b0c66ea4cd891b11b66a1dab754 \ > --publicurl 'http://server10.example.com:8774/v2/%(tenant_id)s' \ > --adminurl 'http://server10.example.com:8774/v2/%(tenant_id)s' \ > --internalurl 'http://server10.example.com:8774/v2/%(tenant_id)s' +-------------+---------------------------------------------------+ |   Property  |                       Value                       | +-------------+---------------------------------------------------+ |   adminurl  | http://server10.example.com:8774/v2/%(tenant_id)s | |      id     |          ed1ecf2502b64c9eac29f8047fad7fe5         | | internalurl | http://server10.example.com:8774/v2/%(tenant_id)s | |  publicurl  | http://server10.example.com:8774/v2/%(tenant_id)s | |    region   |                     regionOne                     | |  service_id |          7dd84b0c66ea4cd891b11b66a1dab754         | +-------------+---------------------------------------------------+ 修改配置文件: [root@server10 ~(keystone_admin)]# vim /etc/nova/api-paste.ini [filter:authtoken]  配置的最后部分 admin_tenant_name = services admin_user = nova admin_password = westos auth_host = 192.168.0.110 [root@server10 ~(keystone_admin)]# vim /etc/nova/nova.conf qpid_hostname=192.168.0.110 qpid_port=5671 qpid_username=qpidauth qpid_password=westos qpid_protocol=ssl vncserver_listen=192.168.0.110 vncserver_proxyclient_address=192.168.0.110 libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver auth_strategy = keystone libvirt_type=qemu libvirt_cpu_mode=none verbose=true api_paste_config=api-paste.ini (# for i in /etc/init.d/openstack-nova*;do $i restart;done) #/etc/init.d/libvirtd start #/etc/init.d/openstack-nova-api start #/etc/init.d/openstack-nova-compute start #/etc/init.d/openstack-nova-conductor start #/etc/init.d/openstack-nova-consoleauth start #/etc/init.d/openstack-nova-novncproxy start #/etc/init.d/openstack-nova-scheduler start [root@server10 ~(keystone_admin)]# chkconfig libvirtd on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-api on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-compute on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-conductor on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-consoleauth on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-novncproxy on [root@server10 ~(keystone_admin)]# chkconfig openstack-nova-scheduler on [root@server10 ~(keystone_admin)]# openstack-status == Nova services == 相应的服务都会启动了active状态 == Keystone users == +----------------------------------+---------+---------+-------+ |                id                |   name  | enabled | email | +----------------------------------+---------+---------+-------+ | f90b1ed5677a42b0b70544367d804222 |  admin  |   True  |       | | 912094d6e8c54864aa2606a13daae1c9 |  cinder |   True  |       | | 41be9c4c80b74ec4bc9df05636859985 |  glance |   True  |       | | fd4f1d6540464a32b79c8e3a41ba7e70 |   nova  |   True  |       | | 2ea05745a8684da2bcd7ec12fa522cac | quantum |   True  |       | | 2e86f4f604cd4edaa535caf8f19af9db |  swift  |   True  |       | +----------------------------------+---------+---------+-------+ == Glance images == +--------------------------------------+---------+-------------+------------------+-----------+--------+ | ID                                   | Name    | Disk Format | Container Format | Size      | Status | +--------------------------------------+---------+-------------+------------------+-----------+--------+ | dd5135b4-c2ce-4c66-8b73-454705b2a310 | xxb     | qcow2       | bare             | 92908032  | active | | 1e08ab41-58ed-457d-994e-5f8607f5bb67 | xxbandy | qcow2       | bare             | 258146304 | active | +--------------------------------------+---------+-------------+------------------+-----------+--------+ == Nova managed services == +------------------+----------------------+----------+---------+-------+----------------------------+-----------------+ | Binary           | Host                 | Zone     | Status  | State | Updated_at                 | Disabled Reason | +------------------+----------------------+----------+---------+-------+----------------------------+-----------------+ | nova-conductor   | server10.example.com | internal | enabled | up    | 2014-08-02T09:49:44.000000 | None            | | nova-compute     | server10.example.com | nova     | enabled | up    | 2014-08-02T09:49:44.000000 | None            | | nova-consoleauth | server10.example.com | internal | enabled | up    | 2014-08-02T09:49:46.000000 | None            | | nova-scheduler   | server10.example.com | internal | enabled | up    | 2014-08-02T09:49:39.000000 | None            | | nova-cells       | server10.example.com | internal | enabled | up    | 2014-08-02T09:49:43.000000 | None            | | nova-console     | server10.example.com | internal | enabled | up    | 2014-08-02T09:49:45.000000 | None            | | nova-network     | server10.example.com | internal | enabled | up    | 2014-08-02T09:49:38.000000 | None            | | nova-cert        | server10.example.com | internal | enabled | up    | 2014-08-02T09:49:43.000000 | None            | +------------------+----------------------+----------+---------+-------+----------------------------+-----------------+ == Nova networks == == Nova instance flavors == +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name      | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | 1  | m1.tiny   | 512       | 1    | 0         |      | 1     | 1.0         | True      | | 2  | m1.small  | 2048      | 20   | 0         |      | 1     | 1.0         | True      | | 3  | m1.medium | 4096      | 40   | 0         |      | 2     | 1.0         | True      | | 4  | m1.large  | 8192      | 80   | 0         |      | 4     | 1.0         | True      | | 5  | m1.xlarge | 16384     | 160  | 0         |      | 8     | 1.0         | True      | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ == Nova instances == 所有检查OK! 如果能够到这步检查没有错误就可以放心的进行下面了。。 第八节 安装dashboard [root@server10 ~(keystone_admin)]# yum install mod_wsgi httpd mod_ssl openstack-dashboard python-memcached -y 配置dashboard配置 [root@server10 ~(keystone_admin)]# vim /etc/openstack-dashboard/local_settings OPENSTACK_HOST = "192.168.0.110" ALLOWED_HOSTS = ['server10example.com', 'localhost','192.168.0.110'] CACHE_BACKEND = 'memcached://127.0.0.1:11211' [root@server10 ~(keystone_admin)]# source /root/keystonerc_admin [root@server10 ~(keystone_admin)]# keystone role-list +----------------------------------+----------+ |                id                |   name   | +----------------------------------+----------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | ab686060308d470887911c19a8c011b4 |  admin   | +----------------------------------+----------+ [root@server10 ~(keystone_admin)]# keystone role-create --name Member      创建一个成员角色 +----------+----------------------------------+ | Property |              Value               | +----------+----------------------------------+ |    id    | 9fcca6054e0f45dc8bfb804219199e71 | |   name   |              Member              | +----------+----------------------------------+ 设置apache能够正确访问selinux规则 [root@server10 ~(keystone_admin)]# setsebool -P httpd_can_network_connect on [root@server10 ~(keystone_admin)]# /etc/init.d/httpd restart [root@server10 ~(keystone_admin)]# chkconfig httpd on 登录 https://server10.example.com/dashboard    (username=admin  passwd=westos) 如果不能登录就修改下面的文件(提示权限问题) #cd /var/lib/openstack-dashboard/ [root@server10 openstack-dashboard(keystone_admin)]# chown apache:apache .secret_key_store 重新登录:就可以进入界面了!!!

当然进去后会发现很多项目服务是空的,那么就需要我们按照第一天的步骤来一步步创建其他服务了。

更多高级配置请继续关注!

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

发表于

我来说两句

0 条评论
登录 后参与评论

相关文章

来自专栏随心DevOps

[实战篇] Python 运维中使用并发

今天从大哥手里接了一个需求: 验证一下新的 Docker 镜像仓库(Docker Registry)是否迁移成功了 简单粗暴的方法就是拿到老仓库中的镜像列表(I...

42712
来自专栏IT技术精选文摘

JVM致命错误日志(hs_err_pid.log)分析

当jvm出现致命错误时,会生成一个错误文件 hs_err_pid<pid>.log,其中包括了导致jvm crash的重要信息,可以通过分析该文件定位到导致cr...

6145
来自专栏张首富-小白的成长历程

redis缓存服务器

#你当前没有指定配置文件,以默认的配置文件启动,如果你想指定配置文件你可以redis-server 文件所在位置

5012
来自专栏邹立巍的专栏

Linux 的进程间通信:消息队列

Linux 环境提供了 XSI 和 POSIX 两套消息队列,本文将帮助您掌握以下内容:如何使用 XSI 消息队列,如何使用 POSIX 消息队列,它们的底层实...

7580
来自专栏名山丶深处

springboot集成schedule(深度理解)

6425
来自专栏云计算

腾讯云支持 Terraform 开发实践

这篇文章从系统架构开始,到核心库讲解,到实践开发,再到单元测试,比较完整的描述了支持Terraform的开发全过程。

4.2K17
来自专栏博客园迁移

redis见解

http://blog.csdn.net/zhiguozhu/article/details/50517527 Redis 原生session与redis中的s...

1891
来自专栏散尽浮华

Centos7下关于系统用户密码规则-运维笔记

1)密码长度、有效期 /etc/login.defs文件是当创建用户时的一些规划,比如创建用户时,是否需要家目录,UID和GID的范围;用户的期限等等,这个文...

3764
来自专栏崔庆才的专栏

一看就懂,Python 日志模块详解及应用

Windows网络操作系统都设计有各种各样的日志文件,如应用程序日志,安全日志、系统日志、Scheduler服务日志、FTP日志、WWW日志、DNS服务器日志等...

1504
来自专栏JackeyGao的博客

一个超级小的 Django 项目.

当用最简单的代码实现 Django 项目为最基本的要素的时候, 项目可以和微框架一样小.

1952

扫码关注云+社区

领取腾讯云代金券