OpenStack Platform Setup, Day 2
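Environment preparation:
RHEL 6.5, 4 GB RAM, 70 GB disk
yum repository configuration (three yum repositories are defined; the first three are locally customized repositories)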
baseurl=ftp://instructor.example.com/pub/rhel6.5/Server
baseurl=ftp://instructor.example.com/pub/errata
baseurl=http://instructor.example.com/pub/OpenStack/
baseurl=ftp://ftp.redhat.com/pub/redhat/linux/enterprise/$releasever/en/os/SRPMS/
baseurl=ftp://ftp.redhat.com/pub/redhat/linux/beta/$releasever/en/os/SRPMS/
#yum update -y ; reboot
Section 1: Installing the qpid messaging node
2. Install qpid
[root@server10 ~]# yum install -y qpid-cpp-server qpid-cpp-server-ssl cyrus-sasl-md5
3. Create the user (-f specifies the password database file; -u specifies the user's domain, here QPID)
[root@server10 ~]# saslpasswd2 -f /var/lib/qpidd/qpidd.sasldb -u QPID qpidauth
[root@server10 ~]# sasldblistusers2 -f /var/lib/qpidd/qpidd.sasldb
qpidauth@QPID: userPassword
4. Create the ACL file (it does not exist by default)
[root@server10 ~]# echo 'acl allow qpidauth@QPID all all' > /etc/qpid/qpidauth.acl
5. Make the qpidd daemon read the ACL file
[root@server10 ~]# echo "QPIDD_OPTIONS='--acl-file /etc/qpid/qpidauth.acl'" >> /etc/sysconfig/qpidd
6. Set ownership and permissions
[root@server10 ~]# chown qpidd /etc/qpid/qpidauth.acl
[root@server10 ~]# chmod 600 /etc/qpid/qpidauth.acl
7. Edit /etc/qpidd.conf
cluster-mechanism=DIGEST-MD5
auth=yes
8. Create a dedicated PKI directory (and set its permissions)
[root@server10 ~]# mkdir /etc/pki/tls/qpid
[root@server10 ~]# chmod 700 /etc/pki/tls/qpid/
[root@server10 ~]# chown qpidd /etc/pki/tls/qpid/
Check that the qpidd user exists (it was created when the packages were installed)
9. Add the password file and set its permissions
[root@server10 ~]# echo westos > /etc/qpid/qpid.pass
[root@server10 ~]# chmod 600 /etc/qpid/qpid.pass
[root@server10 ~]# chown qpidd /etc/qpid/qpid.pass
10. Create the certificate database (certutil)
[root@server10 ~]# echo $HOSTNAME
server10.example.com
[root@server10 ~]# certutil -N -d /etc/pki/tls/qpid/ -f /etc/qpid/qpid.pass
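Check the files generated under /etc/pki/tls/qpid/ (note that the permissions are not in place yet)
11. Generate the certificate; -n specifies the fully qualified host name (pay attention to the permissions of the generated files)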
[root@server10 ~]# certutil -S -d /etc/pki/tls/qpid/ -n server10.example.com -s "CN=server10.example.com" -t "CT,," -x -f /etc/qpid/qpid.pass -z /usr/bin/certutil
[root@server10 tls]# chown -R qpidd qpid/
12. Specify the certificate db, name and password file in the main configuration file
(check the log after starting qpidd)
[root@server10 ~]# vim /etc/qpidd.conf
ssl-cert-db=/etc/pki/tls/qpid
ssl-cert-name=server10.example.com
ssl-cert-password-file=/etc/qpid/qpid.pass
require-encryption=yes
[root@server10 ~]# /etc/init.d/qpidd restart
[root@server10 ~]# tail -f /var/log/messages    # shows qpidd running (there seems to be a password error, though)
[root@server10 ~]# chkconfig qpidd on
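Steps 4 to 9 above write /etc/qpid/qpidauth.acl and /etc/qpid/qpid.pass first and tighten the mode afterwards, so each file is briefly readable under the default umask. The following is an added example, not part of the original walkthrough: it creates a secret file that is mode 0600 from the start and audits mode and owner afterwards; the function names are illustrative, the sample files are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are illustrative.
# Assumes GNU stat (coreutils), as shipped on RHEL.

# write_secret FILE: read the secret from stdin and create FILE with mode 0600.
# The umask is changed inside a subshell, so a newly created file is never
# world-readable, unlike "echo secret > file" followed by a later chmod.
write_secret() {
    ( umask 077 && cat > "$1" && chmod 600 "$1" )
}

# audit_secret FILE [OWNER]: return 0 if FILE exists, grants nothing to group
# or other, and (when OWNER is given as a user name or numeric uid) is owned
# by that user. Otherwise print one finding per problem and return 1.
audit_secret() {
    as_file=$1
    as_owner=${2:-}
    as_rc=0
    if [ ! -f "$as_file" ]; then
        echo "MISSING  $as_file"
        return 1
    fi
    as_mode=$(stat -c '%a' "$as_file")
    # Octal arithmetic: any bit set in 077 means group or other has access.
    if [ $(( 0$as_mode & 077 )) -ne 0 ]; then
        echo "LOOSE    $as_file (mode $as_mode, expected 600 or stricter)"
        as_rc=1
    fi
    if [ -n "$as_owner" ]; then
        # Accept a user name or a numeric uid.
        as_want=$(id -u "$as_owner" 2>/dev/null) || as_want=$as_owner
        as_have=$(stat -c '%u' "$as_file")
        if [ "$as_have" != "$as_want" ]; then
            echo "OWNER    $as_file (uid $as_have, expected $as_owner)"
            as_rc=1
        fi
    fi
    return $as_rc
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    # Constructed stand-ins for /etc/qpid/qpid.pass and a credentials file
    # written with a plain redirect; the values are placeholders.
    printf '%s\n' 'example-passphrase' | write_secret "$demo_dir/qpid.pass"
    ( umask 022 && echo 'export OS_PASSWORD=example' > "$demo_dir/keystonerc_admin" )
    for demo_f in qpid.pass keystonerc_admin ks_admin_token; do
        if audit_secret "$demo_dir/$demo_f" "$(id -u)"; then
            echo "OK       $demo_dir/$demo_f"
        fi
    done
    rm -rf "$demo_dir"
}
demo
```

On the real host the audit would be run as `audit_secret /etc/qpid/qpid.pass qpidd` and `audit_secret /etc/qpid/qpidauth.acl qpidd`.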
################
Section 2: The identity service (used globally)
1. Install keystone and related packages
[root@server10 ~]# yum install openstack-keystone openstack-selinux openstack-utils -y
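2. Initialize the service and import the db schema into the database (the mysql service is not installed by default)
[root@server10 ~]# openstack-db --init --service keystone    # requires the mysql service to be installed and configured
3. Create the keystone user and password (this really just imports files into the database; you can also do the import yourself with openssl)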
[root@server10 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
4. Fix the ownership of the SSL directory (/etc/keystone/ssl)
[root@server10 ~]# chown -R keystone:keystone /etc/keystone/ssl/
5. Generate the authentication token file and export the token:
[root@server10 ~]# openssl rand -hex 10    # generate a random 10-byte value with openssl, printed as hex
a030068247b339b52f37
[root@server10 ~]# echo a030068247b339b52f37 > /root/ks_admin_token
[root@server10 ~]# cat ks_admin_token
a030068247b339b52f37
[root@server10 ~]# export SERVICE_TOKEN=a030068247b339b52f37
6. Export the service endpoint
[root@server10 ~]# export SERVICE_ENDPOINT=http://server10.example.com:35357/v2.0
7. Configure the keystone configuration file
[root@server10 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
[root@server10 ~]# vim /etc/keystone/keystone.conf    (delete one DEFAULT)
8. Start keystone (and enable it at boot)
[root@server10 ~]# /etc/init.d/openstack-keystone restart
[root@server10 ~]# chkconfig openstack-keystone on
Note: after starting, check for errors and check the listening ports
[root@server10 ~]# grep ERROR /var/log/keystone/keystone.log
9. Create the keystone service (note its id)
[root@server10 ~]# keystone service-create --name=keystone --type=identity --description="keystone identity service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | keystone identity service |
| id | 5a1d8b6901f6450fa5b063e6a002601c |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
Note: the ID is unique
10. Create the endpoint (public, internal and admin URLs)
[root@server10 ~]# keystone endpoint-create --service-id 5a1d8b6901f6450fa5b063e6a002601c \
> --publicurl 'http://server10.example.com:5000/v2.0' \
> --adminurl 'http://server10.example.com:35357/v2.0' \
> --internalurl 'http://server10.example.com:5000/v2.0'
+-------------+----------------------------------------+
| Property | Value |
+-------------+----------------------------------------+
| adminurl | http://server10.example.com:35357/v2.0 |
| id | 714dbd31a3bd45feafa7ca3539525fb2 |
| internalurl | http://server10.example.com:5000/v2.0 |
| publicurl | http://server10.example.com:5000/v2.0 |
| region | regionOne |
| service_id | 5a1d8b6901f6450fa5b063e6a002601c |
+-------------+----------------------------------------+
11. Create the user, role and tenant
[root@server10 ~]# keystone user-create --name admin --pass westos
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | f90b1ed5677a42b0b70544367d804222 |
| name | admin |
+----------+----------------------------------+
[root@server10 ~]# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | ab686060308d470887911c19a8c011b4 |
| name | admin |
+----------+----------------------------------+
[root@server10 ~]# keystone tenant-create --name admin
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | b4aa48fd47724a19a9e09eeb1d8199df |
| name | admin |
+-------------+----------------------------------+
12. Add the role to the user (linking the user, role and tenant created above)
[root@server10 ~]# keystone user-role-add --user admin --role admin --tenant admin
13. Edit the keystone admin rc file (you create it yourself)
[root@server10 ~]# vim /root/keystonerc_admin
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=westos
export OS_AUTH_URL=http://server10.example.com:35357/v2.0/
export PS1='[\u@\h \W(keystone_admin)]\$ '
14. Unset the bootstrap variables, source the keystone rc file, and list the keystone users
[root@server10 ~]# unset SERVICE_TOKEN
[root@server10 ~]# unset SERVICE_ENDPOINT
[root@server10 ~]# source /root/keystonerc_admin
[root@server10 ~(keystone_admin)]# keystone user-list
+----------------------------------+-------+---------+-------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------+
| f90b1ed5677a42b0b70544367d804222 | admin | True | |
+----------------------------------+-------+---------+-------+
Section 3: Swift storage (add two disks to the host)
1. Install the swift storage proxy, account and container packages
[root@server10 ~(keystone_admin)]# yum install -y openstack-swift-proxy openstack-swift-object openstack-swift-container openstack-swift-account memcached -y
2. Create the user and tenant (remember to use the same tenant name, services, everywhere)
[root@server10 ~(keystone_admin)]# keystone user-create --name swift --pass westos
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 2e86f4f604cd4edaa535caf8f19af9db |
| name | swift |
+----------+----------------------------------+
[root@server10 ~(keystone_admin)]# keystone tenant-create --name services
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 4dd069c858834df99733119353d1c822 |
| name | services |
+-------------+----------------------------------+
3. Associate the user with the role and tenant
[root@server10 ~(keystone_admin)]# keystone user-role-add --role admin --tenant services --user swift
4. Create the service
[root@server10 ~(keystone_admin)]# keystone service-create --name swift --type object-store --description "swift storage service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | swift storage service |
| id | 970407c1c93248a3abe25e59e3da9108 |
| name | swift |
| type | object-store |
+-------------+----------------------------------+
5. Define the endpoint URLs:
[root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id 970407c1c93248a3abe25e59e3da9108 \
> --publicurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" \
> --adminurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s" \
> --internalurl "http://server10.example.com:8080/v1/AUTH_%(tenant_id)s"
+-------------+--------------------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------------------+
| adminurl | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s |
| id | 2f5a84921b3f4d2ba067f5dec2d9b529 |
| internalurl | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s |
| publicurl | http://server10.example.com:8080/v1/AUTH_%(tenant_id)s |
| region | regionOne |
| service_id | 970407c1c93248a3abe25e59e3da9108 |
+-------------+--------------------------------------------------------+
6. Find the disk devices and create a primary partition on each
[root@server10 ~(keystone_admin)]# fdisk -cu /dev/vdb
[root@server10 ~(keystone_admin)]# fdisk -cu /dev/vdc
7. Format the partitions and mount them automatically at boot (remember to back up the file before editing it)
[root@server10 ~(keystone_admin)]# mkfs.ext4 /dev/vdb1
[root@server10 ~(keystone_admin)]# mkfs.ext4 /dev/vdc1
[root@server10 ~(keystone_admin)]# mkdir -p /srv/node/z{1,2}d1
[root@server10 etc(keystone_admin)]# cat /etc/fstab
/dev/vdb1 /srv/node/z1d1 ext4 acl,user_xattr 0 0
/dev/vdc1 /srv/node/z2d1 ext4 acl,user_xattr 0 0
[root@server10 etc(keystone_admin)]# mount -a
8. Set the directory ownership
[root@server10 node(keystone_admin)]# chown -R swift:swift /srv/node/
9. Fix the SELinux security context
[root@server10 node(keystone_admin)]# restorecon -Rv /srv/
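This changes the security context type to the swift type (you can watch the changes as they happen)
10. Edit the configuration files (consider backing them all up first: /etc/swift/swift.conf and the account/container/object files)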
[root@server10 node(keystone_admin)]# openssl rand -hex 10
ed7addafe2a3477d5e92
[root@server10 node(keystone_admin)]# cat /etc/swift/swift.conf
[swift-hash]
swift_hash_path_prefix = ed7addafe2a3477d5e92
swift_hash_path_suffix = ed7addafe2a3477d5e92
Change bind_ip in the three files to your own IP (192.168.0.110)
#vim /etc/swift/container-server.conf
#vim /etc/swift/account-server.conf
#vim /etc/swift/object-server.conf
11. Start the three services (and enable them at boot)
[root@server10 node(keystone_admin)]# chkconfig openstack-swift-container on
[root@server10 node(keystone_admin)]# chkconfig openstack-swift-object on
[root@server10 node(keystone_admin)]# chkconfig openstack-swift-account on
12. Test
Configure Swift Object Storage Service Rings
Create the three builders with three commands
[root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/account.builder create 12 2 1
[root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/container.builder create 12 2 1
[root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/object.builder create 12 2 1
Run the following commands (they print warnings):
#for i in 1 2 ; do swift-ring-builder /etc/swift/account.builder add z${i}-192.168.0.110:6002/z${i}d1 100; done
#for i in 1 2 ; do swift-ring-builder /etc/swift/object.builder add z${i}-192.168.0.110:6000/z${i}d1 100; done
#for i in 1 2 ; do swift-ring-builder /etc/swift/container.builder add z${i}-192.168.0.110:6001/z${i}d1 100; done
12.1 Rebalance the rings with swift-ring-builder
[root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/object.builder rebalance
[root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/container.builder rebalance
[root@server10 node(keystone_admin)]# swift-ring-builder /etc/swift/account.builder rebalance
[root@server10 node(keystone_admin)]# chown -R root:swift /etc/swift/
13. Start the proxy service
Deploy the Swift Object Storage Proxy Service
13.1 Edit the proxy configuration file (back up proxy-server.conf first, then write your own)
[root@server10 node(keystone_admin)]# vim /etc/swift/proxy-server.conf
[filter:authtoken]
admin_tenant_name = services    (mind the spelling of the name)
admin_user = swift
admin_password = westos
auth_host = 192.168.0.110
#############
13.2 Start memcached and openstack-swift-proxy (remember to enable them at boot)
[root@server10 ~(keystone_admin)]# /etc/init.d/memcached start;/etc/init.d/openstack-swift-proxy start
[root@server10 ~(keystone_admin)]#chkconfig memcached on;chkconfig openstack-swift-proxy on
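14. Create containers:
Validate the Swift Object Storage Configuration
14.1 Create 1024-byte files and place them in the object store (inside containers)
Note: does this have to be done in the /etc/swift directory? (Yes, it does, because that is the upload/publish directory.)
Problem: the first time I did this, I was careless with filter_authtoken
Create the files one at a time
[root@server10 swift(keystone_admin)]# for i in 1 2 3; do head -c 1024 /dev/urandom > data$i.file; done    # creates data1.file, data2.file and data3.file for testing
# swift upload c1 data1.file    # creates container cX directly and uploads the file
# swift upload c1 data2.file
# swift upload c1 data3.file
# swift upload c2 data3.file
# swift upload c3 data3.file
# swift list    # shows the three containers created (c1 c2 c3)
# swift list c1    # shows the data stored in container c1
# swift delete c3    # deletes the container
# swift delete c1 data3.file    # deletes an object inside the container
For details see swift --help
Creating a storage area: swift upload c1 data1.file
c stands for container
Then look under /srv/node: the two storage devices actually hold the same data (z1d1 and z2d1)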
/srv/node/z2d1/objects
Section 4: Configuring the Glance Image service
1. Install the openstack-glance package
[root@server10 ~(keystone_admin)]# yum install -y openstack-glance
2. Edit the configuration files
[root@server10 ~(keystone_admin)]# cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.orig
[root@server10 ~(keystone_admin)]# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.orig
Copy in the new configuration file
# cp /usr/share/glance/glance-registry-dist.conf /etc/glance/glance-registry.conf
3. Initialize the glance service and create its password (through mysql, adding to the setup above)
[root@server10 ~(keystone_admin)]# openstack-db --init --service glance --password westos --rootpw westos
You can log in to mysql to inspect the related database
4. Create the user and associate it with the role and tenant
[root@server10 ~(keystone_admin)]# keystone user-create --name glance --pass westos
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 41be9c4c80b74ec4bc9df05636859985 |
| name | glance |
+----------+----------------------------------+
[root@server10 ~(keystone_admin)]# keystone user-role-add --user glance --role admin --tenant services
5. Edit the glance configuration file glance-api.conf
[root@server10 ~(keystone_admin)]# vim /etc/glance/glance-api.conf
[paste_deploy]
flavor = keystone    (authentication method)
[keystone_authtoken]    (authentication settings)
admin_tenant_name=services
admin_user=glance
admin_password=westos
[DEFAULT]
qpid_hostname = localhost    (if qpid is on a remote host, put its IP here)
qpid_username = qpidauth
qpid_password = westos
qpid_port = 5671
qpid_protocol = ssl    (5671 is the usual encrypted port)
6. Edit the configuration file /etc/glance/glance-registry.conf
[paste_deploy]
flavor = keystone    (leaving out the spaces should make no difference)
[keystone_authtoken]
admin_tenant_name = services
admin_user = glance
admin_password = westos
7. Start the two services, glance-api and glance-registry
#chkconfig openstack-glance-api on
#chkconfig openstack-glance-registry on
Check the logs; hopefully there are no errors
# egrep 'ERROR|CRITICAL' /var/log/glance/*
/var/log/glance/api.log:2014-07-30 14:09:13.298 21918 ERROR glance.store.sheepdog [-] Error in store configuration: Unexpected error while running command.
There is one sheepdog error; it can be ignored for now
8. Create the glance service
[root@server10 ~(keystone_admin)]# keystone service-create --name glance --type image --description "glance image service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | glance image service |
| id | a5806eaa7c4f4b0bac077d344b3e8c3f |
| name | glance |
| type | image |
+-------------+----------------------------------+
9. Create the endpoint URLs
[root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id a5806eaa7c4f4b0bac077d344b3e8c3f \
> --publicurl http://server10.example.com:9292 \
> --adminurl http://server10.example.com:9292 \
> --internalurl http://server10.example.com:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://server10.example.com:9292 |
| id | 53bdf3b884724675bf9da11791bc1fbe |
| internalurl | http://server10.example.com:9292 |
| publicurl | http://server10.example.com:9292 |
| region | regionOne |
| service_id | a5806eaa7c4f4b0bac077d344b3e8c3f |
+-------------+----------------------------------+
10. Upload an image: Use glance to Upload a System Image
[root@server10 ~(keystone_admin)]# glance image-create --name xxb --is-public True --disk-format qcow2 --container-format bare --copy-from http://192.168.0.254/pub/materials/small.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2014-07-30T06:33:15 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | dd5135b4-c2ce-4c66-8b73-454705b2a310 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | xxb |
| owner | b4aa48fd47724a19a9e09eeb1d8199df |
| protected | False |
| size | 92908032 |
| status | queued |
| updated_at | 2014-07-30T06:33:15 |
+------------------+--------------------------------------+
10.1 View image information
[root@server10 ~(keystone_admin)]# glance image-list
+--------------------------------------+---------+-------------+------------------+-----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------+-------------+------------------+-----------+--------+
| dd5135b4-c2ce-4c66-8b73-454705b2a310 | xxb | qcow2 | bare | 92908032 | active |
| 1e08ab41-58ed-457d-994e-5f8607f5bb67 | xxbandy | qcow2 | bare | 258146304 | active |
+--------------------------------------+---------+-------------+------------------+-----------+--------+
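10.2 Delete an image
[root@server10 ~(keystone_admin)]# glance delete ID
[root@server10 ~(keystone_admin)]# glance image-show xxb    # show detailed information for the xxb image
Section 5: Creating block storage for cloud instances to attach
1. Install the block storage package: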
[root@server10 ~(keystone_admin)]# yum install -y openstack-cinder
[root@server10 ~(keystone_admin)]#cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
[root@server10 ~(keystone_admin)]#cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf
2. Initialize the database
[root@server10 ~(keystone_admin)]# openstack-db --init --service cinder --password westos --rootpw westos
# openstack-db --drop --service cinder    # if initialization went wrong, use this to drop cinder (then run the init again)
3. Create the corresponding user and associate it
[root@server10 ~(keystone_admin)]# keystone user-create --name cinder --pass westos
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 912094d6e8c54864aa2606a13daae1c9 |
| name | cinder |
+----------+----------------------------------+
[root@server10 ~(keystone_admin)]# keystone user-role-add --user cinder --role admin --tenant services
4. Create the volume service
[root@server10 ~(keystone_admin)]# keystone service-create --name=cinder --type=volume --description="openstack block storage service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | openstack block storage service |
| id | f8fbbcec6c864ac588f70ee396bb55da |
| name | cinder |
| type | volume |
+-------------+----------------------------------+
5. Create the cinder endpoint URLs
[root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id f8fbbcec6c864ac588f70ee396bb55da --publicurl 'http://server10.example.com:8776/v1/%(tenant_id)s' --adminurl 'http://server10.example.com:8776/v1/%(tenant_id)s' --internalurl 'http://server10.example.com:8776/v1/%(tenant_id)s'
+-------------+---------------------------------------------------+
| Property | Value |
+-------------+---------------------------------------------------+
| adminurl | http://server10.example.com:8776/v1/%(tenant_id)s |
| id | 3116d4a05f2a4dac8dd712b10aaf4d09 |
| internalurl | http://server10.example.com:8776/v1/%(tenant_id)s |
| publicurl | http://server10.example.com:8776/v1/%(tenant_id)s |
| region | regionOne |
| service_id | f8fbbcec6c864ac588f70ee396bb55da |
+-------------+---------------------------------------------------+
6. Back up the configuration file and edit its contents
[root@server10 ~(keystone_admin)]# cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.orig
[root@server10 ~(keystone_admin)]# cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf
[root@server10 ~(keystone_admin)]#vim /etc/cinder/cinder.conf
[keystone_authtoken]
admin_tenant_name = services
admin_user = cinder
admin_password = westos
[DEFAULT]
qpid_username = qpidauth
qpid_password = westos
qpid_protocol = ssl
qpid_port = 5671
7. Start the services and enable them at boot
[root@server10 ~(keystone_admin)]# /etc/init.d/openstack-cinder-scheduler start
[root@server10 ~(keystone_admin)]#/etc/init.d/openstack-cinder-api start
[root@server10 ~(keystone_admin)]# /etc/init.d/openstack-cinder-volume start
8. Configure iSCSI shared storage
[root@server10 ~(keystone_admin)]# echo 'include /etc/include/volumes/*' >> /etc/tgt/targets.conf
[root@server10 ~(keystone_admin)]# /etc/init.d/tgtd start
[root@server10 ~(keystone_admin)]# chkconfig tgtd on
9. Check the overall OpenStack status
[root@server10 ~(keystone_admin)]# openstack-status
== Glance services ==
openstack-glance-api: active
openstack-glance-registry: active
== Keystone service ==
== Keystone users ==
Authorization Failed: Unable to establish connection to http://server10.example.com:35357/v2.0/tokens
== Glance images ==
Authorization Failed: Unable to establish connection to http://server10.example.com:35357/v2.0/tokens
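If everything is working there should be no such errors (in practice this failure to reach tokens shows up often during configuration, and waiting for a while may clear it. I ran into it frequently myself; maybe it just comes down to luck)
10. Create a 2 GB volume vol1 (to test the use of logical volumes)
Use the cinder tool to create a 2 GB logical volume named vol1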
[root@server10 ~(keystone_admin)]# cinder create --display-name vol1 2
+---------------------+--------------------------------------+
| Property | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| created_at | 2014-07-30T08:03:05.551543 |
| display_description | None |
| display_name | vol1 |
| id | 7d8bde6b-4d83-439d-839a-1f9d5974d94c |
| metadata | {} |
| size | 2 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| volume_type | None |
+---------------------+--------------------------------------+
11. Check the current volume group sizes
[root@server10 ~(keystone_admin)]# vgs
VG #PV #LV #SN Attr VSize VFree
cinder-volumes 1 1 0 wz--n- 4.97g 2.97g
vol0 1 2 0 wz--n- 29.97g 0
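As long as the volume group is a cinder one, it is recognized. When deploying with an answer file, the answer file already includes a 20 GB block storage volume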
#cinder list
#################
Section 6: Network configuration
1. Create the network service
[root@server10 ~(keystone_admin)]# keystone service-create --name neutron --type network --description 'networking service'
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | networking service |
| id | ffc971e1288e48df85a56291ddd9c621 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
2. Specify the corresponding endpoint URLs
[root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id ffc971e1288e48df85a56291ddd9c621 \
> --publicurl http://server10.example.com:9696 \
> --adminurl http://server10.example.com:9696 \
> --internalurl http://server10.example.com:9696
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://server10.example.com:9696 |
| id | 2af628a5043a4bb1ab7e5990305c7a84 |
| internalurl | http://server10.example.com:9696 |
| publicurl | http://server10.example.com:9696 |
| region | regionOne |
| service_id | ffc971e1288e48df85a56291ddd9c621 |
+-------------+----------------------------------+
3. Create the user and associate it
[root@server10 ~(keystone_admin)]# keystone user-create --name neutron --pass westos
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | e8a059a320ef4ed5973bb245e56ceb67 |
| name | neutron |
+----------+----------------------------------+
[root@server10 ~(keystone_admin)]# keystone user-role-add --user neutron --role admin --tenant services
4. Check the user
[root@server10 ~(keystone_admin)]# keystone user-role-list
+----------------------------------+-------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+-------+----------------------------------+----------------------------------+
| ab686060308d470887911c19a8c011b4 | admin | f90b1ed5677a42b0b70544367d804222 | b4aa48fd47724a19a9e09eeb1d8199df |
+----------------------------------+-------+----------------------------------+----------------------------------+
[root@server10 ~(keystone_admin)]# keystone --os-username neutron --os-password westos --os-tenant-name services user-role-list
+----------------------------------+-------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+-------+----------------------------------+----------------------------------+
| 59d0d13373894bcdb8ad06852a620117 | admin | e8a059a320ef4ed5973bb245e56ceb67 | 3a4b064f7782481fbde472d25d3e496f |
+----------------------------------+-------+----------------------------------+----------------------------------+
5. Install the networking packages
[root@server10 neutron(keystone_admin)]# yum install -y openstack-neutron openstack-neutron-openvswitch
Check the status of qpidd
6. Edit the main configuration file:
[root@server10 neutron(keystone_admin)]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend=neutron.openstack.common.rpc.impl_qpid
qpid_hostname = 192.168.0.110
qpid_port = 5671
qpid_username = qpidauth
qpid_password = westos
qpid_protocol = ssl
[keystone_authtoken]
admin_tenant_name = services
admin_user = neutron
admin_password = westos
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
7. Create the rc file (copy the admin user's file and modify it)
[root@server10 ~(keystone_admin)]# cat /root/keystonerc_neutron
export OS_USERNAME=neutron    # changed
export OS_TENANT_NAME=services    # changed
export OS_PASSWORD=westos
export OS_AUTH_URL=http://server10.example.com:35357/v2.0/
export PS1='[\u@\h \W(keystone_neutron)]\$ '
8. Switch to the neutron network user
[root@server10 ~(keystone_neutron)]# yum install openstack-nova-common -y
[root@server10 ~(keystone_neutron)]# neutron-server-setup --yes --rootpw westos --plugin openvswitch
[root@server10 ~(keystone_neutron)]# neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini stamp head
No handlers could be found for logger "neutron.common.legacy"    (this looks like an error, but since nothing fails outright it can be ignored)
9. Start the service
[root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-server start
[root@server10 ~(keystone_neutron)]# chkconfig neutron-server on
[root@server10 ~(keystone_neutron)]# openstack-status    # shows that nova and networking are not started; carry on with the configuration below
10. Configure networking
[root@server10 ~(keystone_neutron)]# neutron-node-setup --plugin openvswitch --qhost 192.168.0.110
[root@server10 ~(keystone_neutron)]# /etc/init.d/openvswitch start    (also: chkconfig openvswitch on)
11. Configure the bridges (br-ex, br-int)
[root@server10 ~(keystone_neutron)]# ovs-vsctl add-br br-int
(ovs-vsctl show displays the network interfaces)
[root@server10 ~(keystone_neutron)]# vim /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
integration_bridge = br-int
[root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-openvswitch-agent start
Starting neutron-openvswitch-agent: [ OK ]
[root@server10 ~(keystone_neutron)]# chkconfig neutron-openvswitch-agent on
[root@server10 ~(keystone_neutron)]# chkconfig neutron-ovs-cleanup on
[root@server10 ~(keystone_neutron)]# neutron-dhcp-setup --plugin openvswitch --qhost 192.168.0.110
[root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-dhcp-agent start
Starting neutron-dhcp-agent: [ OK ]
[root@server10 ~(keystone_neutron)]# chkconfig neutron-dhcp-agent on
Note that the dhcp log shows an error:
[root@server10 ~(keystone_admin)]# egrep 'ERROR|CRITICAL' /var/log/neutron/dhcp-agent.log
2014-08-02 13:36:31.633 25212 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver
This is a firewall-related error, not a problem with our service
11.1 Configure the external interface
#ovs-vsctl add-br br-ex
#cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br-ex
#vim /etc/sysconfig/network-scripts/ifcfg-eth0    (3 lines: device name; start at boot; MAC)
#vim /etc/sysconfig/network-scripts/ifcfg-br-ex    (device name; MAC removed)
#ovs-vsctl add-port br-ex eth0;service network restart
[root@server10 ~(keystone_neutron)]# rpm -q iproute
iproute-2.6.32-130.el6ost.netns.2.x86_64
11.2 Configure the neutron network
[root@server10 ~(keystone_neutron)]# neutron-l3-setup --plugin openvswitch --qhost 192.168.0.110
[root@server10 ~(keystone_neutron)]# /etc/init.d/neutron-l3-agent start
[root@server10 ~(keystone_neutron)]# chkconfig neutron-l3-agent on
There is still an error
[root@server10 network-scripts(keystone_admin)]# egrep 'ERROR|CRITICAL' /var/log/neutron/l3-agent.log
2014-08-02 13:45:27.151 27518 ERROR neutron.common.legacy [-] Skipping unknown group key: firewall_driver
[root@server10 ~(keystone_neutron)]# openstack-status    # check networking; two of the networking services are not started
== Nova services ==
openstack-nova-api: dead (disabled on boot)    <- not enabled at boot
openstack-nova-compute: dead (disabled on boot)
openstack-nova-network: dead (disabled on boot)
openstack-nova-scheduler: dead (disabled on boot)
== Glance services ==
At this point the nova pieces still have some problems; continue by configuring the nova node
############################################################################
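The glance, cinder and neutron files above each repeat the qpid client settings, while the broker from Section 1 runs with require-encryption=yes, so a service file that omits qpid_protocol or qpid_port falls back to plain TCP on 5672 and is refused. The following check is an added example, not part of the original walkthrough: it lints those settings and lists service accounts that share one admin_password (this walkthrough gives every account the same one); the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page); function names are illustrative.

# ini_pairs FILE...: print "file<TAB>key<TAB>value" for every key = value line,
# skipping comments and [section] headers.
ini_pairs() {
    awk '
        /^[ \t]*(#|;|\[)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print FILENAME "\t" key "\t" val
        }
    ' "$@"
}

# lint_qpid FILE...: for each file that sets any qpid_* option, require
# qpid_protocol=ssl and qpid_port=5671. Absent options take the client
# defaults (tcp, 5672). Prints findings and returns 1 if there are any.
lint_qpid() {
    ini_pairs "$@" | awk -F '\t' '
        $2 ~ /^qpid_/ {
            if (!($1 in proto)) { order[++n] = $1; proto[$1] = "tcp"; port[$1] = "5672" }
        }
        $2 == "qpid_protocol" { proto[$1] = $3 }
        $2 == "qpid_port"     { port[$1] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                f = order[i]
                if (proto[f] != "ssl") { print f ": qpid_protocol=" proto[f] " (broker requires ssl)"; bad = 1 }
                if (port[f] != "5671") { print f ": qpid_port=" port[f] " (TLS listener is 5671)"; bad = 1 }
            }
            exit bad + 0
        }'
}

# shared_passwords FILE...: print, sorted, every admin_user whose
# admin_password is also used by a different admin_user. The password
# itself is never printed.
shared_passwords() {
    ini_pairs "$@" | awk -F '\t' '
        $2 == "admin_user"     { user[$1] = $3 }
        $2 == "admin_password" { pass[$1] = $3 }
        END {
            for (f in pass) {
                u = (f in user) ? user[f] : f
                if (!((pass[f], u) in pair)) { pair[pass[f], u] = 1; users[pass[f]]++ }
            }
            for (k in pair) {
                split(k, part, SUBSEP)
                if (users[part[1]] > 1) print part[2]
            }
        }' | sort
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample files; the values are placeholders.
    printf '%s\n' '[DEFAULT]' 'qpid_username = qpidauth' 'qpid_port = 5671' \
        'qpid_protocol = ssl' '[keystone_authtoken]' 'admin_user = glance' \
        'admin_password = example-1' > "$d/glance-api.conf"
    printf '%s\n' '[DEFAULT]' 'qpid_hostname = 192.0.2.10' \
        '[keystone_authtoken]' 'admin_user = neutron' \
        'admin_password = example-1' > "$d/neutron.conf"
    echo "qpid findings:";        lint_qpid "$d"/*.conf || true
    echo "accounts sharing a password:"; shared_passwords "$d"/*.conf
    rm -rf "$d"
}
demo
```

On the host from this walkthrough the files to pass are /etc/glance/glance-api.conf, /etc/cinder/cinder.conf, /etc/neutron/neutron.conf and /etc/nova/nova.conf.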
Section 7: Installing nova
Switch back to the admin user to run these
[root@server10 ~(keystone_admin)]# yum install -y openstack-nova openstack-nova-novncproxy
[root@server10 ~(keystone_admin)]# source /root/keystonerc_admin
[root@server10 ~(keystone_admin)]# chown nova:nova /var/log/nova/
Initialize the database
[root@server10 ~(keystone_admin)]# openstack-db --init --service nova --password westos --rootpw westos
Create the user
[root@server10 ~(keystone_admin)]# keystone user-create --name nova --pass westos
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | fd4f1d6540464a32b79c8e3a41ba7e70 |
| name | nova |
+----------+----------------------------------+
Bind the role and create the service
[root@server10 ~(keystone_admin)]# keystone user-role-add --user nova --role admin --tenant services
[root@server10 ~(keystone_admin)]# keystone service-create --name nova --type compute --description "openstack compute service "
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | openstack compute service |
| id | 7dd84b0c66ea4cd891b11b66a1dab754 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
Create the endpoint URLs
[root@server10 ~(keystone_admin)]# keystone endpoint-create --service-id 7dd84b0c66ea4cd891b11b66a1dab754 \
> --publicurl 'http://server10.example.com:8774/v2/%(tenant_id)s' \
> --adminurl 'http://server10.example.com:8774/v2/%(tenant_id)s' \
> --internalurl 'http://server10.example.com:8774/v2/%(tenant_id)s'
+-------------+---------------------------------------------------+
| Property | Value |
+-------------+---------------------------------------------------+
| adminurl | http://server10.example.com:8774/v2/%(tenant_id)s |
| id | ed1ecf2502b64c9eac29f8047fad7fe5 |
| internalurl | http://server10.example.com:8774/v2/%(tenant_id)s |
| publicurl | http://server10.example.com:8774/v2/%(tenant_id)s |
| region | regionOne |
| service_id | 7dd84b0c66ea4cd891b11b66a1dab754 |
+-------------+---------------------------------------------------+
Edit the configuration files:
[root@server10 ~(keystone_admin)]# vim /etc/nova/api-paste.ini
[filter:authtoken]    (the last part of the file)
admin_tenant_name = services
admin_user = nova
admin_password = westos
auth_host = 192.168.0.110
[root@server10 ~(keystone_admin)]# vim /etc/nova/nova.conf
qpid_hostname=192.168.0.110
qpid_port=5671
qpid_username=qpidauth
qpid_password=westos
qpid_protocol=ssl
vncserver_listen=192.168.0.110
vncserver_proxyclient_address=192.168.0.110
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
auth_strategy = keystone
libvirt_type=qemu
libvirt_cpu_mode=none
verbose=true
api_paste_config=api-paste.ini
(# for i in /etc/init.d/openstack-nova*;do $i restart;done)
#/etc/init.d/libvirtd start
#/etc/init.d/openstack-nova-api start
#/etc/init.d/openstack-nova-compute start
#/etc/init.d/openstack-nova-conductor start
#/etc/init.d/openstack-nova-consoleauth start
#/etc/init.d/openstack-nova-novncproxy start
#/etc/init.d/openstack-nova-scheduler start
[root@server10 ~(keystone_admin)]# chkconfig libvirtd on
[root@server10 ~(keystone_admin)]# chkconfig openstack-nova-api on
[root@server10 ~(keystone_admin)]# chkconfig openstack-nova-compute on
[root@server10 ~(keystone_admin)]# chkconfig openstack-nova-conductor on
[root@server10 ~(keystone_admin)]# chkconfig openstack-nova-consoleauth on
[root@server10 ~(keystone_admin)]# chkconfig openstack-nova-novncproxy on
[root@server10 ~(keystone_admin)]# chkconfig openstack-nova-scheduler on
[root@server10 ~(keystone_admin)]# openstack-status
== Nova services ==
All the corresponding services should now be started and in the active state.
== Keystone users ==
+----------------------------------+---------+---------+-------+
| id | name | enabled | email |
+----------------------------------+---------+---------+-------+
| f90b1ed5677a42b0b70544367d804222 | admin | True | |
| 912094d6e8c54864aa2606a13daae1c9 | cinder | True | |
| 41be9c4c80b74ec4bc9df05636859985 | glance | True | |
| fd4f1d6540464a32b79c8e3a41ba7e70 | nova | True | |
| 2ea05745a8684da2bcd7ec12fa522cac | quantum | True | |
| 2e86f4f604cd4edaa535caf8f19af9db | swift | True | |
+----------------------------------+---------+---------+-------+
== Glance images ==
+--------------------------------------+---------+-------------+------------------+-----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------+-------------+------------------+-----------+--------+
| dd5135b4-c2ce-4c66-8b73-454705b2a310 | xxb | qcow2 | bare | 92908032 | active |
| 1e08ab41-58ed-457d-994e-5f8607f5bb67 | xxbandy | qcow2 | bare | 258146304 | active |
+--------------------------------------+---------+-------------+------------------+-----------+--------+
== Nova managed services ==
+------------------+----------------------+----------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+----------------------+----------+---------+-------+----------------------------+-----------------+
| nova-conductor | server10.example.com | internal | enabled | up | 2014-08-02T09:49:44.000000 | None |
| nova-compute | server10.example.com | nova | enabled | up | 2014-08-02T09:49:44.000000 | None |
| nova-consoleauth | server10.example.com | internal | enabled | up | 2014-08-02T09:49:46.000000 | None |
| nova-scheduler | server10.example.com | internal | enabled | up | 2014-08-02T09:49:39.000000 | None |
| nova-cells | server10.example.com | internal | enabled | up | 2014-08-02T09:49:43.000000 | None |
| nova-console | server10.example.com | internal | enabled | up | 2014-08-02T09:49:45.000000 | None |
| nova-network | server10.example.com | internal | enabled | up | 2014-08-02T09:49:38.000000 | None |
| nova-cert | server10.example.com | internal | enabled | up | 2014-08-02T09:49:43.000000 | None |
+------------------+----------------------+----------+---------+-------+----------------------------+-----------------+
== Nova networks ==
== Nova instance flavors ==
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
== Nova instances ==
All checks OK!
If the checks pass without errors at this point, you can safely move on to the next steps.
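The nova.conf above carries the broker password and selects TLS with qpid_protocol=ssl on port 5671. The following is an added example, not part of the original post: a small audit that flags a non-TLS broker connection, an ssl/port mismatch, and a password-bearing file that other users can access. The function names and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): audit a nova.conf-style file.

# Print the value assigned to key $2 in ini-style file $1 (last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for file $1; print nothing if it passes.
audit_nova_conf() {
    local conf=$1 proto port other
    proto=$(conf_get "$conf" qpid_protocol)
    port=$(conf_get "$conf" qpid_port)
    if [ "$proto" != "ssl" ]; then
        echo "qpid_protocol=${proto:-unset}: broker traffic is not encrypted"
    elif [ "$port" != "5671" ]; then
        # 5671 is the TLS port this page configures; 5672 is plain AMQP.
        echo "qpid_protocol=ssl but qpid_port=${port:-unset}, expected 5671"
    fi
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$conf" | cut -c8-10)
    if grep -Eq '^[[:space:]]*[a-z_]*password[[:space:]]*=' "$conf" \
        && [ "$other" != "---" ]; then
        echo "holds a password but is accessible to other users ($other)"
    fi
    return 0
}

# Constructed sample files: a weak variant and the values used on this page.
demo() {
    local dir; dir=$(mktemp -d)
    printf 'qpid_port=5672\nqpid_password=westos\nqpid_protocol=tcp\n' > "$dir/weak.conf"
    chmod 644 "$dir/weak.conf"
    printf 'qpid_port=5671\nqpid_password=westos\nqpid_protocol=ssl\n' > "$dir/page.conf"
    chmod 640 "$dir/page.conf"
    echo "weak.conf:"; audit_nova_conf "$dir/weak.conf"
    echo "page.conf:"; audit_nova_conf "$dir/page.conf"
    rm -rf "$dir"
}
demo
```

The same function can be pointed at /etc/nova/api-paste.ini for the permission check, since that file holds admin_password.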
Section 9: Installing the dashboard
[root@server10 ~(keystone_admin)]# yum install mod_wsgi httpd mod_ssl openstack-dashboard python-memcached -y
Configure the dashboard:
[root@server10 ~(keystone_admin)]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "192.168.0.110"
ALLOWED_HOSTS = ['server10.example.com', 'localhost', '192.168.0.110']
CACHE_BACKEND = 'memcached://127.0.0.1:11211'
[root@server10 ~(keystone_admin)]# source /root/keystonerc_admin
[root@server10 ~(keystone_admin)]# keystone role-list
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| ab686060308d470887911c19a8c011b4 | admin |
+----------------------------------+----------+
[root@server10 ~(keystone_admin)]# keystone role-create --name Member   # create a Member role
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 9fcca6054e0f45dc8bfb804219199e71 |
| name | Member |
+----------+----------------------------------+
Set the SELinux boolean so that Apache can make network connections:
[root@server10 ~(keystone_admin)]# setsebool -P httpd_can_network_connect on
[root@server10 ~(keystone_admin)]# /etc/init.d/httpd restart
[root@server10 ~(keystone_admin)]# chkconfig httpd on
Log in at https://192.168.0.110/dashboard
If you cannot log in, change the ownership of the following file:
#cd /var/lib/openstack-dashboard/
[root@server10 openstack-dashboard(keystone_admin)]# chown apache:apache .secret_key_store
Log in again, and you should now reach the dashboard!
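An added check for the dashboard steps above (not from the original post): it tests whether a hostname would pass Django's ALLOWED_HOSTS matching and whether .secret_key_store has the expected owner with no group/other access. The function names, the sample files and the mode 600 expectation are assumptions of this example; port stripping and case folding of the Host header are left out.

```shell
#!/bin/bash
# Added example (not from the original page): audit the dashboard settings.

# Print the ALLOWED_HOSTS entries of settings file $1, one per line.
allowed_hosts() {
    grep -E '^[[:space:]]*ALLOWED_HOSTS[[:space:]]*=' "$1" | tail -n 1 \
        | grep -oE "['\"][^'\"]+['\"]" | tr -d "'\""
}

# Succeed if host $2 would pass Django's ALLOWED_HOSTS check for file $1.
# '*' matches anything; '.example.com' matches the domain and its subdomains.
host_allowed() {
    local e
    while IFS= read -r e; do
        case $e in
            '*') return 0 ;;
            .*) case $2 in "${e#.}" | *"$e") return 0 ;; esac ;;
            *) if [ "$e" = "$2" ]; then return 0; fi ;;
        esac
    done <<EOF
$(allowed_hosts "$1")
EOF
    return 1
}

# Print findings for secret key file $1, expected to belong to user $2
# with no group/other access (mode 600 is this example's assumption).
audit_secret_key() {
    local line
    line=$(ls -ld "$1")
    [ "$(echo "$line" | awk '{print $3}')" = "$2" ] || echo "$1 is not owned by $2"
    [ "$(echo "$line" | cut -c5-10)" = "------" ] || echo "$1 is accessible to group/other"
    return 0
}

demo() {
    local dir; dir=$(mktemp -d)   # constructed sample files
    echo "ALLOWED_HOSTS = ['localhost', '192.168.0.110']" > "$dir/local_settings"
    host_allowed "$dir/local_settings" 192.168.0.110 && echo "192.168.0.110 accepted"
    host_allowed "$dir/local_settings" server10.example.com \
        || echo "server10.example.com rejected: not in ALLOWED_HOSTS"
    touch "$dir/.secret_key_store"; chmod 644 "$dir/.secret_key_store"
    audit_secret_key "$dir/.secret_key_store" apache
    rm -rf "$dir"
}
demo
```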