Ubuntu 12.04 OpenStack Essex Installation (Single Node)

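This article is a step-by-step guide to installing and configuring the components of OpenStack Essex on Ubuntu 12.04, including the core services Nova, Keystone, Glance and Horizon. It covers database setup, network configuration, installing and configuring the services, setting environment variables, and starting and verifying the services.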


Original reference: http://www.chenshake.com/ubuntu-12-04-openstack-essex-installation-single-node/

Nova, Keystone, Glance and Horizon all use MySQL.

The Keystone endpoints are also imported into MySQL.


Notes from my own installation:

When running the commands, remove the line-continuation character \ (if there is one).


Installing OpenStack

Bridge

OpenStack networking is currently implemented with Linux bridges and iptables.

apt-get -y install bridge-utils

Restart networking

/etc/init.d/networking restart

RabbitMQ, Memcache, etc.

RabbitMQ is used for scheduling. Memcache is used by the Dashboard.

apt-get install -y rabbitmq-server memcached python-memcache kvm libvirt-bin


MYSQL

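Among the OpenStack components, Nova, Keystone, Glance and Horizon all need a database, so we need to create the corresponding databases and users.

By default the Dashboard (Horizon) uses SQLite, and most documentation leaves it unchanged. For production, switching to MySQL is recommended. See the reference.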

Application database   Database user   Password
mysql                  root            password
nova                   nova            password
glance                 glance          password
keystone               keystone        password
horizon                horizon         password


Installation

OpenStack is written entirely in Python, so you need python-mysqldb. During installation you will be prompted for the MySQL root password.

apt-get install -y mysql-server python-mysqldb

Configuration

Edit /etc/mysql/my.cnf to allow network access to MySQL

#bind-address           = 127.0.0.1
bind-address            = 0.0.0.0

Or simply run the following command

sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

Restart the MySQL service

service mysql restart

Create the databases

mysql -uroot -ppassword
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
CREATE DATABASE horizon;
GRANT ALL PRIVILEGES ON horizon.* TO 'horizon'@'%' IDENTIFIED BY 'password';
quit

 

 

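At this point the rest of the installation proceeds without problems, but when one of these users connects to the database

mysql -unova -ppassword

the following error appears:

ERROR 1045 (28000): Access denied for user 'nova'@'localhost' (using password: YES)

To fix it, log in to MySQL as root:

mysql -uroot -ppassword

use mysql;

insert into user(user,password,host) values('nova',password('password'),'localhost');

-- direct edits to the grant tables only take effect after a reload
flush privileges;

That is all.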
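
The ERROR 1045 above typically arises because MySQL matches the most specific host entry first, so an anonymous ''@'localhost' account, where one exists, is chosen before 'nova'@'%'. The following added example (not part of the original guide) prints grants scoped to localhost and the node's IP, with a random password per service, in place of '%' and one shared password. The function names, the credentials file and the removal of anonymous accounts are choices made for this example.

```sh
#!/bin/sh
# Added example: scoped MySQL grants for the OpenStack service databases.

# 32 hex characters from the kernel CSPRNG.
gen_password() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# emit_grants NODE_IP CRED_FILE
# Prints MySQL 5.5 statements on stdout and stores "service password" pairs
# in CRED_FILE, which is made readable by its owner only.
emit_grants() {
    node_ip=$1
    cred_file=$2
    # Accept only digits and dots so the value cannot break out of the quoted host.
    case $node_ip in
        ''|*[!0-9.]*) echo "invalid node IP: $node_ip" >&2; return 1 ;;
    esac
    ( umask 077; : > "$cred_file" ) && chmod 600 "$cred_file" || return 1
    # Anonymous accounts shadow 'user'@'%' for local logins; remove them.
    echo "DELETE FROM mysql.user WHERE User = '';"
    for svc in nova glance keystone horizon; do
        pw=$(gen_password)
        printf '%s %s\n' "$svc" "$pw" >> "$cred_file"
        echo "CREATE DATABASE IF NOT EXISTS $svc;"
        for host in localhost "$node_ip"; do
            echo "GRANT ALL PRIVILEGES ON $svc.* TO '$svc'@'$host' IDENTIFIED BY '$pw';"
        done
    done
    echo "FLUSH PRIVILEGES;"
}

# Usage (as root on the node; 10.1.199.17 is the IP used in this guide):
#   emit_grants 10.1.199.17 /root/os-db-credentials | mysql -uroot -p
```

The generated passwords then replace "password" in each service's connection string, and bind-address can stay at the node's own IP rather than 0.0.0.0.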

Keystone

Keystone is the core of OpenStack: every component authenticates and is authorized through Keystone.

Tenant    User     Password
admin     admin    chenshake
service   nova     chenshake
          glance   chenshake
          swift    chenshake


Installation

apt-get install -y keystone python-keystone python-mysqldb python-keystoneclient

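Configuration

Edit /etc/keystone/keystone.conf. The following needs to change:

  • Keystone's default token is ADMIN; here I change it to chenshake
  • The default connection uses SQLite; we need to change it to MySQL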


[DEFAULT]

#bind_host = 0.0.0.0

public_port = 5000

admin_port = 35357

#admin_token = ADMIN

admin_token = chenshake

[sql]

#connection = sqlite:////var/lib/keystone/keystone.db

connection = mysql://keystone:password@10.1.199.17/keystone

Note: change the IP to that of the machine on which OpenStack is installed


Or run the following commands

sed -i 's/ADMIN/chenshake/g' /etc/keystone/keystone.conf
sed -i '/sqlite/s/^/#/' /etc/keystone/keystone.conf
sed -i '/sqlite/a\connection = mysql://keystone:password@10.1.199.17/keystone' /etc/keystone/keystone.conf
Note: change the IP to that of the machine on which OpenStack is installed


Restart the service

service keystone restart


Sync the Keystone database

keystone-manage db_sync

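The Keystone database needs data and endpoints imported. You can import them step by step from the command line; see the Keystone white paper.

For convenience, you can use the following two scripts to do all of the setup

  1. keystone_data.sh imports the user information
  2. endpoints.sh sets up the endpoints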

 

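To avoid losing my saved copies of these two files, and because the versions online are updated from time to time and may no longer match this document, the contents of both files are included here.

1. Contents of keystone_data.sh: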

 

 

#!/bin/bash
#
# Initial data for Keystone using python-keystoneclient
#
# Tenant               User      Roles
# ------------------------------------------------------------------
# admin                admin     admin
# service              glance    admin
# service              nova      admin, [ResellerAdmin (swift only)]
# service              quantum   admin        # if enabled
# service              swift     admin        # if enabled
# demo                 admin     admin
# demo                 demo      Member, anotherrole
# invisible_to_admin   demo      Member
#
# Variables set before calling this script:
# SERVICE_TOKEN - aka admin_token in keystone.conf
# SERVICE_ENDPOINT - local Keystone admin endpoint
# SERVICE_TENANT_NAME - name of tenant containing service accounts
# ENABLED_SERVICES - stack.sh's list of services to start
# DEVSTACK_DIR - Top-level DevStack directory

ADMIN_PASSWORD=${ADMIN_PASSWORD:-chenshake}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
export SERVICE_TOKEN="chenshake"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
ENABLED_SERVICES="swift"

function get_id () {
    echo `$@ | awk '/ id / { print $4 }'`
}

# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
#DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
#INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)


# Users
ADMIN_USER=$(get_id keystone user-create --name=admin \
                                         --pass="$ADMIN_PASSWORD" \
                                         --email=admin@chenshake.com)
#DEMO_USER=$(get_id keystone user-create --name=demo \
#                                        --pass="$ADMIN_PASSWORD" \
#                                        --email=demo@chenshake.com)


# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)


# Add Roles to Users in Tenants
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
#keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
#keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT

# TODO(termie): these two might be dubious
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT


# The Member role is used by Horizon and Swift so we need to keep it:
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
#keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
#keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT


# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova \
                                        --pass="$SERVICE_PASSWORD" \
                                        --tenant_id $SERVICE_TENANT \
                                        --email=nova@chenshake.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
                       --user $NOVA_USER \
                       --role $ADMIN_ROLE

GLANCE_USER=$(get_id keystone user-create --name=glance \
                                          --pass="$SERVICE_PASSWORD" \
                                          --tenant_id $SERVICE_TENANT \
                                          --email=glance@chenshake.com)
keystone user-role-add --tenant_id $SERVICE_TENANT \
                       --user $GLANCE_USER \
                       --role $ADMIN_ROLE

if [[ "$ENABLED_SERVICES" =~ "swift" ]]; then
    SWIFT_USER=$(get_id keystone user-create --name=swift \
                                             --pass="$SERVICE_PASSWORD" \
                                             --tenant_id $SERVICE_TENANT \
                                             --email=swift@chenshake.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $SWIFT_USER \
                           --role $ADMIN_ROLE
    # Nova needs ResellerAdmin role to download images when accessing
    # swift through the s3 api. The admin role in swift allows a user
    # to act as an admin for their tenant, but ResellerAdmin is needed
    # for a user to act as any tenant. The name of this role is also
    # configurable in swift-proxy.conf
    RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $NOVA_USER \
                           --role $RESELLER_ROLE
fi

if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
    QUANTUM_USER=$(get_id keystone user-create --name=quantum \
                                               --pass="$SERVICE_PASSWORD" \
                                               --tenant_id $SERVICE_TENANT \
                                               --email=quantum@chenshake.com)
    keystone user-role-add --tenant_id $SERVICE_TENANT \
                           --user $QUANTUM_USER \
                           --role $ADMIN_ROLE
fi

 

 

2. Contents of endpoints.sh:

#!/bin/sh

# Author:       Martin Gerhard Loschwitz
# (c) 2012      hastexo Professional Services GmbH

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# On Debian-based systems the full text of the Apache version 2.0
# license can be found in `/usr/share/common-licenses/Apache-2.0'.

# MySQL definitions
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=localhost

# other definitions
MASTER=localhost

while getopts "u:D:p:m:K:R:E:S:T:vh" opt; do
  case $opt in
    u)
      MYSQL_USER=$OPTARG
      ;;
    D)
      MYSQL_DATABASE=$OPTARG
      ;;
    p)
      MYSQL_PASSWORD=$OPTARG
      ;;
    m)
      MYSQL_HOST=$OPTARG
      ;;
    K)
      MASTER=$OPTARG
      ;;
    R)
      KEYSTONE_REGION=$OPTARG
      ;;
    E)
      export SERVICE_ENDPOINT=$OPTARG
      ;;
    S)
      SWIFT_MASTER=$OPTARG
      ;;
    T)
      export SERVICE_TOKEN=$OPTARG
      ;;
    v)
      set -x
      ;;
    h)
      cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
       [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ]
       [ -S swift_master ] [ -T keystone_token ]
         
Add -v for verbose mode, -h to display this message.
EOF
      exit 0
      ;;
    \?)
      echo "Unknown option -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      exit 1
      ;;
  esac
done 

if [ -z "$KEYSTONE_REGION" ]; then
  echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_TOKEN" ]; then
  echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_ENDPOINT" ]; then
  echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
  missing_args="true"
fi

if [ -z "$MYSQL_PASSWORD" ]; then
  echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
  missing_args="true"
fi

if [ -n "$missing_args" ]; then
  exit 1
fi
 
keystone service-create --name nova --type compute --description 'OpenStack Compute Service'
keystone service-create --name volume --type volume --description 'OpenStack Volume Service'
keystone service-create --name glance --type image --description 'OpenStack Image Service'
keystone service-create --name swift --type object-store --description 'OpenStack Storage Service'
keystone service-create --name keystone --type identity --description 'OpenStack Identity'
keystone service-create --name ec2 --type ec2 --description 'OpenStack EC2 service'

create_endpoint () {
  case $1 in
    compute)
    keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s' --adminurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s' --internalurl 'http://'"$MASTER"':8774/v2/%(tenant_id)s'
    ;;
    volume)
    keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s' --adminurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s' --internalurl 'http://'"$MASTER"':8776/v1/%(tenant_id)s'
    ;;
    image)
    keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':9292/v1' --adminurl 'http://'"$MASTER"':9292/v1' --internalurl 'http://'"$MASTER"':9292/v1'
    ;;
    object-store)
    if [ $SWIFT_MASTER ]; then
      keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$SWIFT_MASTER"':8080/v1/AUTH_%(tenant_id)s' --adminurl 'http://'"$SWIFT_MASTER"':8080/v1' --internalurl 'http://'"$SWIFT_MASTER"':8080/v1/AUTH_%(tenant_id)s'
    else
      keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8080/v1/AUTH_%(tenant_id)s' --adminurl 'http://'"$MASTER"':8080/v1' --internalurl 'http://'"$MASTER"':8080/v1/AUTH_%(tenant_id)s'
    fi
    ;;
    identity)
    keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':5000/v2.0' --adminurl 'http://'"$MASTER"':35357/v2.0' --internalurl 'http://'"$MASTER"':5000/v2.0'
    ;;
    ec2)
    keystone endpoint-create --region $KEYSTONE_REGION --service_id $2 --publicurl 'http://'"$MASTER"':8773/services/Cloud' --adminurl 'http://'"$MASTER"':8773/services/Admin' --internalurl 'http://'"$MASTER"':8773/services/Cloud'
    ;;
  esac
}

for i in compute volume image object-store identity ec2; do
  id=`mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='"$i"';"` || exit 1
  create_endpoint $i $id
done

 

Procedure:

Keystone Data

chmod +x keystone_data.sh


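In the keystone_data.sh script, the default dashboard login password is chenshake and the token is chenshake. Adjust them to suit your situation.

The first line is the dashboard login password.

The third line is the Keystone token set above.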

ADMIN_PASSWORD=${ADMIN_PASSWORD:-chenshake}

SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}

export SERVICE_TOKEN="chenshake"

export SERVICE_ENDPOINT="http://localhost:35357/v2.0"

SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}

ENABLED_SERVICES="swift"


Run the script

./keystone_data.sh

No output means it ran correctly; you can check with the following command

echo $?

A 0 means the script ran correctly. Never run the script a second time.

Importing endpoints

The contents of endpoints.sh are listed above.
chmod +x endpoints.sh


Running this script requires quite a few parameters

./endpoints.sh -m 10.1.199.17 -u keystone -D keystone \
-p password -T chenshake -K 10.1.199.17 \
-R RegionOne -E "http://localhost:35357/v2.0" -S 10.1.199.17

(Remember to remove the line continuations) and change the IP addresses to your own

./endpoints.sh -m 10.1.199.17 -u keystone -D keystone -p password -T chenshake -K 10.1.199.17 -R RegionOne -E "http://localhost:35357/v2.0" -S 10.1.199.17


Parameters

-m mysql_hostname
-u mysql_username
-D mysql_database
-p mysql_password
-K Keystone server IP
-R keystone_region
-E keystone_endpoint_url
-S Swift proxy node IP
-T keystone_token

When it runs correctly, it prints a lot of output.


Set environment variables

export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=chenshake
export OS_AUTH_URL=http://localhost:5000/v2.0/


Check the current environment variables

root@node12:~# export | grep OS_
declare -x OS_AUTH_URL="http://localhost:5000/v2.0/"
declare -x OS_PASSWORD="chenshake"
declare -x OS_TENANT_NAME="admin"
declare -x OS_USERNAME="admin"


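Test

Use the commands below to check that Keystone is set up correctly. Make sure your environment variables are set correctly. Also note that the environment variables must be set again if you log out of ssh and log back in.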

keystone user-list

keystone endpoint-list

keystone tenant-list

keystone role-list


Glance

Glance provides the image management service. Think of it as middleware: the backing store can be local storage or Swift.

Installation


apt-get install -y glance glance-api glance-client glance-common glance-registry python-glance


Configuration

Edit the two files /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini; in both, change the last 3 lines of the file

#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
admin_tenant_name = service
admin_user = glance
admin_password = chenshake

You can also run the following two commands to make the change

 

 

 

 

sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/chenshake/g; " /etc/glance/glance-api-paste.ini

 

sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/chenshake/g; " /etc/glance/glance-registry-paste.ini

Edit /etc/glance/glance-registry.conf to switch to MySQL

Remember to change the IP

#sql_connection = sqlite:////var/lib/glance/glance.sqlite
sql_connection = mysql://glance:password@10.1.199.17/glance

Or run the following command to make the change


sed -i '/sql_connection = .*/{s|sqlite:///.*|mysql://'"glance"':'"password"'@'"10.1.199.17"'/glance|g}' /etc/glance/glance-registry.conf


Edit /etc/glance/glance-registry.conf and /etc/glance/glance-api.conf, and append two lines to the end of each file


[paste_deploy]

flavor = keystone


Or run the following commands to make the change

cat <<EOF >>/etc/glance/glance-api.conf
[paste_deploy]
flavor = keystone
EOF
cat <<EOF >>/etc/glance/glance-registry.conf 
[paste_deploy]
flavor = keystone
EOF


Restart the Glance services

service glance-api restart && service glance-registry restart


Sync the Glance database

 glance-manage version_control 0
 glance-manage db_sync


Output like the following is normal.

/usr/lib/python2.7/dist-packages/glance/registry/db/migrate_repo/versions/003_add_disk_format.py:47: SADeprecationWarning: useexisting is deprecated. Use extend_existing. useexisting=True)


Restart the Glance services

service glance-api restart && service glance-registry restart

Make the environment variables permanent

To simplify later work, set permanent environment variables here

Edit /etc/profile and append the following at the end

export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=chenshake
export OS_AUTH_URL=http://localhost:5000/v2.0/


Test

glance index

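No output is normal, because there are no images yet.

Download an image

We download the CirrOS image for testing; it is only 10M. The official Ubuntu image is 220M, and official Ubuntu images all require key-based login.

CirrOS

Download the image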

wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img


Upload the image (remember to remove the line continuation \)

glance add name=cirros-0.3.0-x86_64 is_public=true  container_format=bare \
disk_format=qcow2 < /root/cirros-0.3.0-x86_64-disk.img


CirrOS allows login with a user name and password as well as with a key

user:cirros
password:cubswin:)

Official Ubuntu image

Download the image


wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img


Upload the image (remember to remove the line continuation)


glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf \
disk_format=qcow2 < /root/precise-server-cloudimg-amd64-disk1.img

user:ubuntu

Login is possible only with a key.

List the images


glance index



Nova

Installation

 

apt-get install -y nova-api nova-cert nova-common nova-objectstore \
nova-scheduler nova-volume nova-consoleauth novnc python-nova python-novaclient \
nova-compute nova-compute-kvm  nova-network

 

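If you want the controller node to run without the compute service, simply leave out the 3 packages nova-compute, nova-compute-kvm and nova-network.

Configuration

Edit /etc/nova/api-paste.ini and change the last 3 lines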

 

 

#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
admin_tenant_name = service
admin_user = nova
admin_password = chenshake

 

Or run the following command to make the change

 

sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/nova/g; s/%SERVICE_PASSWORD%/chenshake/g; " /etc/nova/api-paste.ini

 

 

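Edit the /etc/nova/nova.conf file.

Below is the configuration in my nova.conf file. One thing to note is that in the Essex version of Nova, options in the configuration file no longer need the -- prefix. I will gradually tidy up nova.conf to make it more readable and easier to understand.

To keep things simple, just copy the content below and use it.

If you are installing inside a virtual machine, you need to change libvirt_type=kvm to libvirt_type=qemu

[DEFAULT]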
###### LOGS/STATE
#verbose=True
verbose=False

###### AUTHENTICATION
auth_strategy=keystone

###### SCHEDULER
#--compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
scheduler_driver=nova.scheduler.simple.SimpleScheduler

###### VOLUMES
volume_group=nova-volumes
volume_name_template=volume-%08x
iscsi_helper=tgtadm

###### DATABASE
sql_connection=mysql://nova:password@192.168.236.132/nova

###### COMPUTE
libvirt_type=kvm
#libvirt_type=qemu
connection_type=libvirt
instance_name_template=instance-%08x
api_paste_config=/etc/nova/api-paste.ini
allow_resize_to_same_host=True
libvirt_use_virtio_for_bridges=true
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true

###### APIS
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
allow_admin_api=true
s3_host=192.168.236.132
cc_host=192.168.236.132

###### RABBITMQ
rabbit_host=192.168.236.132

###### GLANCE
image_service=nova.image.glance.GlanceImageService
glance_api_servers=192.168.236.132:9292

###### NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
public_interface=eth0
flat_interface=eth1
flat_network_bridge=br100
fixed_range=192.168.22.0/24
multi_host=true

###### NOVNC CONSOLE
novnc_enabled=true
novncproxy_base_url= http://192.168.236.132:6080/vnc_auto.html
vncserver_proxyclient_address=192.168.236.132
vncserver_listen=192.168.236.132

########Nova
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova

#####MISC
use_deprecated_auth=false
root_helper=sudo nova-rootwrap

 

Set the directory ownership

chown -R nova:nova /etc/nova
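
An added check, not part of the original guide: the token and passwords used on this page are published values, so the function below flags any that are still active in the configuration files edited above, along with a MySQL listener bound to all interfaces. The function names and the sample file are constructed for this example.

```sh
#!/bin/sh
# Added example: flag tutorial-default secrets and exposed listeners in config files.

# audit_conf FILE...
# Prints "FILE:LINE: finding" per hit; returns 1 if anything was found.
audit_conf() {
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; found = 1 }
        /^[ \t]*#/ { next }    # commented-out settings are inactive
        /^[ \t]*bind-address[ \t]*=[ \t]*0\.0\.0\.0/ {
            report("MySQL listens on all interfaces") }
        /^[ \t]*admin_token[ \t]*=[ \t]*(ADMIN|chenshake)[ \t]*$/ {
            report("admin_token is a published default") }
        /^[ \t]*(export[ \t]+)?(admin_password|OS_PASSWORD)[ \t]*=[ \t]*(chenshake|password)[ \t]*$/ {
            report("password is a published default") }
        /connection[ \t]*=[ \t]*mysql:\/\/[^:]+:password@/ {
            report("database URL carries the tutorial password") }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample mirroring the keystone.conf edits in this guide.
audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/keystone.conf" <<'EOF'
[DEFAULT]
#admin_token = ADMIN
admin_token = chenshake
[sql]
#connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:password@10.1.199.17/keystone
EOF
    audit_conf "$dir/keystone.conf" && status=0 || status=$?
    rm -rf "$dir"
    return $status
}
```

On an installed node, run it as audit_conf /etc/mysql/my.cnf /etc/keystone/keystone.conf /etc/glance/*.ini /etc/glance/*.conf /etc/nova/api-paste.ini /etc/nova/nova.conf /etc/profile.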

Restart all services

service rabbitmq-server restart
service libvirt-bin restart
service nova-scheduler restart
service nova-network restart
service nova-cert restart
service nova-compute restart
service nova-api restart
service nova-objectstore restart
service nova-volume restart

Because there are quite a few services, create a script restart.sh to restart all of them.

#!/bin/bash
for a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \
nova-api nova-objectstore nova-scheduler nova-volume \
novnc nova-consoleauth; do service "$a" stop; done
for a in rabbitmq-server libvirt-bin nova-network nova-cert nova-compute \
nova-api nova-objectstore nova-scheduler nova-volume \
novnc nova-consoleauth; do service "$a" start; done

 

 

chmod +x restart.sh

 

Run the script

bash restart.sh
Stopping rabbitmq-server: rabbitmq-server.
libvirt-bin stop/waiting
nova-network stop/waiting
nova-cert stop/waiting
nova-compute stop/waiting
nova-api stop/waiting
nova-objectstore stop/waiting
nova-scheduler stop/waiting
nova-volume stop/waiting
 * Stopping OpenStack NoVNC proxy nova-novncproxy                 [ OK ] 
nova-consoleauth stop/waiting
Starting rabbitmq-server: SUCCESS
rabbitmq-server.
libvirt-bin start/running, process 9683
nova-network start/running, process 9703
nova-cert start/running, process 9713
nova-compute start/running, process 9724
nova-api start/running, process 9734
nova-objectstore start/running, process 9744
nova-scheduler start/running, process 9759
nova-volume start/running, process 9775
 * Starting OpenStack NoVNC proxy  nova-novncproxy                 [ OK ] 
nova-consoleauth start/running, process 9839

 

 

 

Sync the database

nova-manage db sync

There will be a lot of output, but that should be fine. If the corresponding tables now exist in the nova database, it worked.

# nova-manage db sync
2012-07-19 18:43:34 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:639: SADeprecationWarning: The 'listeners' argument to Pool (and create_engine()) is deprecated.  Use event.listen().
  Pool.__init__(self, creator, **kw)

2012-07-19 18:43:34 WARNING nova.utils [-] /usr/lib/python2.7/dist-packages/sqlalchemy/pool.py:145: SADeprecationWarning: Pool.add_listener is deprecated.  Use event.listen()
  self.add_listener(l)

2012-07-19 18:43:34 AUDIT nova.db.sqlalchemy.fix_dns_domains [-] Applying database fix for Essex 
 
 
 

Create fixed IPs

A fixed IP is the actual IP address assigned to a virtual machine. All of this data is written to the database.

 

nova-manage network create private --fixed_range_v4=192.168.22.0/24 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=256 --multi_host=T

 

 

Create floating IPs

The term floating IP comes from Amazon EC2. Put simply, it is a public IP. It works like a firewall mapping, and the mapping is actually implemented with iptables.

nova-manage floating create --ip_range=192.168.241.224/27
 

Restart the Nova services

bash restart.sh 
 
 

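Test

You can use the following commands to check the state of Nova

nova-manage service list

nova-manage

The commands below are for reference; for detailed usage see the OpenStack command reference (not verified, but the installation did succeed)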

nova list
nova image-list
nova floating-ip-create
nova flavor-list
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-list
nova secgroup-list-rules default

Creating a virtual machine from the command line

nova keypair-add oskey > oskey.priv
chmod 600 oskey.priv
nova flavor-list
nova image-list
nova boot --flavor 2 --key_name oskey --image ea3ffba1-065e-483f-bfe2-c84184ee76be test1
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

At this point you can ssh directly from the server into the virtual machine; for an Ubuntu VM the user is ubuntu. The VM's IP:

# nova list
+--------------------------------------+-------+--------+------------------+
|                  ID                  |  Name | Status |     Networks     |
+--------------------------------------+-------+--------+------------------+
| 61e93d62-c926-46fa-8e0c-48073b7e58b0 | test1 | ACTIVE | private=10.0.0.2 |
| 6976e539-32d9-48a6-9fb5-28a3cdb55f71 | test2 | ACTIVE | private=10.0.0.4 |
+--------------------------------------+-------+--------+------------------+

From the server you can ssh directly into the virtual machine; if you are remote, you need to assign a floating IP.

ssh -i oskey.priv ubuntu@10.0.0.4

After logging in to the virtual machine, you can look at the routes

$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.0.3        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0

The gateway is shown as 10.0.0.3. Now take a look at

root@node07:~# ifconfig
br100     Link encap:Ethernet  HWaddr 00:e0:81:d8:4a:23  
          inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::ccfc:5aff:fef5:4345/64 Scope:Link

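Together with the diagram above, this should help your understanding. If you install multiple nodes, it becomes easier to understand in depth.

Note: br100 only gets its IP once you create the first virtual machine.

The section above, from "The commands below are for reference" onward, was not tested.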

 

 

Dashboard

Installation

 

apt-get install -y apache2 libapache2-mod-wsgi openstack-dashboard
 

Restart nova-api

restart nova-api

At this point the dashboard is accessible.

Test

Log in to the dashboard


http://192.168.241.100

user:admin
pass:chenshake

 

 

 
 
 
 
 
 
 

 

 

 

 

 

 

 

 

 

 


