<Services> OpenStack: I Release Deployment <I>

Date: April 7, 2017 Category:


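Introduction to OpenStack

Traditional data centers have some problems: first, hosting and maintenance costs; second, implementation efficiency.

OpenStack is a project made up of the components it depends on (MySQL, RabbitMQ, Apache) and its own components: Horizon provides a web dashboard service, Nova provides compute resources (supporting KVM, Xen, vCenter and others), Neutron manages network resources, Swift and Cinder provide storage, Keystone handles authentication and registration management, Glance manages the image service, and Ceilometer provides monitoring. There are also some more advanced components, such as Heat for automated deployment and Trove for database services.

Releases are named alphabetically starting from A, then B, C, D and so on. This post uses the I release. I don't recommend using newer releases unless they have a feature we need; if they don't, there is no need to upgrade at all.

OpenStack is developed mainly in Python, which accounts for roughly two thirds of the code.

Deploying OpenStack

Environment preparation

OpenStack needs only two hosts, each with 2 GB of memory, and the CPU must have virtualization enabled.

Hostname                      IP address       Node role
openstack-1.whysdomain.com    192.168.0.206    management node
openstack-2.whysdomain.com    192.168.0.207    compute node

Preparation required on both hosts

Hostname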

[root@openstack-1 ~]# hostname
openstack-1.whysdomain.com

The hostname must be pingable

[root@openstack-1 ~]# ping openstack-1.whysdomain.com
PING openstack-1.whysdomain.com (192.168.0.206) 56(84) bytes of data.
64 bytes from openstack-1.whysdomain.com (192.168.0.206): icmp_seq=1 ttl=64 time=0.042 ms
64 bytes from openstack-1.whysdomain.com (192.168.0.206): icmp_seq=2 ttl=64 time=0.042 ms
^C
--- openstack-1.whysdomain.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1985ms
rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms

Install the EPEL package

[root@openstack-1 ~]# rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.2ffY9i: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]

SELinux disabled

[root@openstack-1 ~]# getenforce 
Disabled

Time synchronization

[root@openstack-1 ~]# /usr/sbin/ntpdate pool.ntp.org
 3 Apr 02:56:39 ntpdate[1786]: adjust time server 61.216.153.106 offset 0.003436 sec
[root@openstack-1 ~]# echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1' >> /var/spool/cron/root

Install the dependency packages

[root@openstack-1 ~]# yum install -y python-pip gcc gcc-c++ libtool patch make automake python-devel libxslt-devel MySQL-python openssl-devel libudev-devel git wget libvirt-python libvirt qemu-kvm gedit python-numdisplay python-eventlet device-mapper bridge-utils libffi-devel libffi

Install the dependency services on the management node

Install MySQL

[root@openstack-1 ~]# yum install -y mysql-server

Configure MySQL

[root@openstack-1 ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf 
cp: overwrite `/etc/my.cnf'? y

Set the storage engine to InnoDB and use the utf8 character set; utf8 is mandatory.

[root@openstack-1 ~]# vi /etc/my.cnf 
Add the following under the [mysqld] section
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Start the MySQL service

[root@openstack-1 ~]# /etc/init.d/mysqld start

Create the databases and grant privileges, one each for keystone, glance, nova, neutron and cinder

[root@openstack-1 ~]# mysql
mysql> create database keystone;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on keystone.* to keystone@'192.168.0.%' identified by 'keystone'; 
Query OK, 0 rows affected (0.00 sec)

mysql> create database glance;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on glance.* to glance@'192.168.0.%' identified by 'glance'; 
Query OK, 0 rows affected (0.00 sec)

mysql> create database nova;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on nova.* to nova@'192.168.0.%' identified by 'nova'; 
Query OK, 0 rows affected (0.00 sec)

mysql> create database neutron;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on neutron.* to neutron@'192.168.0.%' identified by 'neutron'; 
Query OK, 0 rows affected (0.00 sec)

mysql> create database cinder;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on cinder.* to cinder@'192.168.0.%' identified by 'cinder'; 
Query OK, 0 rows affected (0.00 sec)

Install RabbitMQ

[root@openstack-1 ~]# yum install -y rabbitmq-server
[root@openstack-1 ~]# /etc/init.d/rabbitmq-server start
Starting rabbitmq-server: SUCCESS
rabbitmq-server.

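If it fails to start, the most likely cause is that the fully qualified hostname cannot be resolved. Add a mapping for the short hostname openstack-1 as well; RabbitMQ resolves the short hostname by default.

Enable the RabbitMQ plugin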

[root@openstack-1 ~]# /usr/lib/rabbitmq/bin/rabbitmq-plugins list
[ ] amqp_client                       3.1.5
[ ] cowboy                            0.5.0-rmq3.1.5-git4b93c2d
[ ] eldap                             3.1.5-gite309de4
[ ] mochiweb                          2.7.0-rmq3.1.5-git680dba8
[ ] rabbitmq_amqp1_0                  3.1.5
[ ] rabbitmq_auth_backend_ldap        3.1.5
[ ] rabbitmq_auth_mechanism_ssl       3.1.5
[ ] rabbitmq_consistent_hash_exchange 3.1.5
[ ] rabbitmq_federation               3.1.5
[ ] rabbitmq_federation_management    3.1.5
[ ] rabbitmq_jsonrpc                  3.1.5
[ ] rabbitmq_jsonrpc_channel          3.1.5
[ ] rabbitmq_jsonrpc_channel_examples 3.1.5
[ ] rabbitmq_management               3.1.5
[ ] rabbitmq_management_agent         3.1.5
[ ] rabbitmq_management_visualiser    3.1.5
[ ] rabbitmq_mqtt                     3.1.5
[ ] rabbitmq_shovel                   3.1.5
[ ] rabbitmq_shovel_management        3.1.5
[ ] rabbitmq_stomp                    3.1.5
[ ] rabbitmq_tracing                  3.1.5
[ ] rabbitmq_web_dispatch             3.1.5
[ ] rabbitmq_web_stomp                3.1.5
[ ] rabbitmq_web_stomp_examples       3.1.5
[ ] rfc4627_jsonrpc                   3.1.5-git5e67120
[ ] sockjs                            0.3.4-rmq3.1.5-git3132eb9
[ ] webmachine                        1.10.3-rmq3.1.5-gite9359c7
[root@openstack-1 ~]# /usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.

Check that RabbitMQ is up

[root@openstack-1 ~]# ss -nlpt | grep 5672
LISTEN     0      128                       *:15672                    *:*      users:(("beam",9360,17))
LISTEN     0      128                       *:55672                    *:*      users:(("beam",9360,16))
LISTEN     0      128                      :::5672                    :::*      users:(("beam",9360,14))

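Browse to port 15672 on the host's IP; 55672 also works and redirects to 15672.

The username and password are both guest.

In production the default username and password must be changed. Note that OpenStack's own RabbitMQ defaults are also guest, so below I also uncomment the commonly used settings even where they keep their default values.

Installing Keystone

Keystone is responsible for users and authentication: user permissions and tracking of user activity.

  • User
  • Tenant
  • Token
  • Role
  • Service
  • Endpoint: the URL at which a service is reached
  • Service catalog: a catalog of all service entries and their API endpoints

Keystone manages users, but at the very beginning there are no users to connect with in order to create any. For this bootstrap step Keystone provides admin_token, a token that can do anything, so do not use admin_token in production.

Create the OpenStack Icehouse repo

OpenStack no longer provides an official openstack-icehouse repo, only the RPM downloads, so configure the repo yourself.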

[root@openstack-1 ~]# vi /etc/yum.repos.d/openstack-icehouse.repo
[root@openstack-1 ~]# cat /etc/yum.repos.d/openstack-icehouse.repo
[openstack-icehouse]
name=openstack-icehouse
baseurl=https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6
enabled=1
gpgcheck=0

Install keystone and python-keystoneclient

[root@openstack-1 ~]# yum clean all
Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Cleaning repos: epel openstack-icehouse os
Cleaning up Everything
[root@openstack-1 ~]# yum install -y openstack-keystone python-keystoneclient

There are many dependencies, so roughly 140-odd packages are downloaded.

If you hit the following errors:

Error: Package: python-cinderclient-1.0.9-1.el6.noarch (openstack-icehouse)
           Requires: python-requests
Error: Package: 1:python-keystoneclient-0.9.0-1.el6.noarch (openstack-icehouse)
           Requires: python-requests >= 0.8.8
Error: Package: 1:python-novaclient-2.17.0-2.el6.noarch (openstack-icehouse)
           Requires: python-argparse
Error: Package: 1:python-oslo-config-1.2.1-1.el6.noarch (openstack-icehouse)
           Requires: python-argparse
Error: Package: python-cliff-1.4.4-1.el6.noarch (epel)
           Requires: python-argparse
Error: Package: 1:python-novaclient-2.17.0-2.el6.noarch (openstack-icehouse)
           Requires: python-requests
Error: Package: python-openstackclient-0.3.1-2.el6.noarch (openstack-icehouse)
           Requires: python-requests
Error: Package: python-oslo-messaging-1.3.0.2-4.el6.noarch (openstack-icehouse)
           Requires: PyYAML
Error: Package: 1:python-keystoneclient-0.9.0-1.el6.noarch (openstack-icehouse)
           Requires: python-argparse
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
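you need to install python-requests >= 0.8.8, python-argparse and PyYAML.

Red Hat systems run into these problems; CentOS 6 is recommended. You can configure an additional OS repo with the URL http://mirror.centos.org/centos/6.8/os/x86_64/, after which the yum install works normally.

After installation there is a keystone user: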

[root@openstack-1 ~]# id keystone
uid=163(keystone) gid=163(keystone) groups=163(keystone)

Create the PKI directory for the keystone user

[root@openstack-1 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
Generating RSA private key, 2048 bit long modulus
....................+++
...............................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
.......................................+++
.......+++
e is 65537 (0x10001)
Using configuration from /etc/keystone/ssl/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'US'
stateOrProvinceName   :ASN.1 12:'Unset'
localityName          :ASN.1 12:'Unset'
organizationName      :ASN.1 12:'Unset'
commonName            :ASN.1 12:'www.example.com'
Certificate is to be certified until Apr  1 17:50:52 2027 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

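By default the generated files live under /etc/keystone/ssl/, with the OpenSSL configuration at /etc/keystone/ssl/certs/openssl.conf.

Fix the permissions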

[root@openstack-1 ~]# chown -R keystone.keystone /etc/keystone/ssl/
[root@openstack-1 ~]# chmod -R o-rwx /etc/keystone/ssl/

Edit the keystone configuration file

[root@openstack-1 ~]# vim /etc/keystone/keystone.conf 

#admin_token=ADMIN                                          
Uncomment this; you can also change it to a token of your own
admin_token=ADMIN

#connection=mysql://keystone:keystone@localhost/keystone
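Uncomment this and change it to the right IP address. If MySQL is on the same machine, localhost is fine too; MySQL can also be installed separately on another node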
connection=mysql://keystone:keystone@192.168.0.206/keystone

# Print debugging output (set logging level to DEBUG instead
# of default WARNING level). (boolean value)
#debug=false
Uncomment this (line 374) and change it to
debug=true

#log_file=/var/log/keystone/keystone.log
Just uncomment this
log_file=/var/log/keystone/keystone.log

[root@openstack-1 ~]# egrep '^[a-z]' /etc/keystone/keystone.conf 
admin_token=ADMIN
debug=true
log_file=/var/log/keystone/keystone.log
connection=mysql://keystone:keystone@192.168.0.206/keystone

Sync the keystone database

[root@openstack-1 ~]# keystone-manage db_sync
[root@openstack-1 ~]# mysql -h 192.168.0.206 -u keystone -pkeystone -e "use keystone;show tables;"
+-----------------------+
| Tables_in_keystone    |
+-----------------------+
| assignment            |
| credential            |
| domain                |
| endpoint              |
| group                 |
| migrate_version       |
| policy                |
| project               |
| region                |
| role                  |
| service               |
| token                 |
| trust                 |
| trust_role            |
| user                  |
| user_group_membership |
+-----------------------+

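The sync above was run as root, so the log file it created is also owned by root. You can run it as the keystone user instead: sudo -u keystone keystone-manage db_sync

Otherwise the service cannot write to its log because of the file's ownership and fails to start, so the ownership has to be fixed: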

[root@openstack-1 ~]# chown keystone.keystone /var/log/keystone/keystone.log

Start the service

[root@openstack-1 ~]# /etc/init.d/openstack-keystone start
Starting keystone:                                         [  OK  ]

Check the log

[root@openstack-1 ~]# tail -4 /var/log/keystone/keystone.log 
2017-04-05 17:02:38.168 19258 INFO keystone.common.environment.eventlet_server [-] Starting /usr/bin/keystone-all on 0.0.0.0:35357
2017-04-05 17:02:38.170 19258 INFO keystone.common.environment.eventlet_server [-] Starting /usr/bin/keystone-all on 0.0.0.0:5000
2017-04-05 17:02:38.175 19258 INFO eventlet.wsgi.server [-] (19258) wsgi starting up on http://0.0.0.0:35357/
2017-04-05 17:02:38.175 19258 INFO eventlet.wsgi.server [-] (19258) wsgi starting up on http://0.0.0.0:5000/

You can see that ports 35357 and 5000 have been opened

[root@openstack-1 ~]# ss -nlpt | egrep '5000|35357'
LISTEN     0      128                       *:35357                    *:*      users:(("keystone-all",19258,4))
LISTEN     0      128                       *:5000                     *:*      users:(("keystone-all",19258,6))

You can see that it listens on * (all addresses); this can be set in the configuration file:

#public_bind_host=0.0.0.0
#admin_bind_host=0.0.0.0

public is the externally facing side and admin is the internal one; both are in fact the same keystone service.
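
A check for the wildcard binds shown above, as an added example that is not part of the original post: it parses `ss -nlpt` output and reports listeners bound to a wildcard address on ports meant for internal use. The port list, the function names and the mysqld sample line are assumptions of the example.

```python
import re

# Constructed sample in the `ss -nlpt` format shown above. The mysqld line is
# invented for contrast: a service bound to one address instead of a wildcard.
SS_OUTPUT = """\
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      128                       *:15672                    *:*      users:(("beam",9360,17))
LISTEN     0      128                      :::5672                    :::*      users:(("beam",9360,14))
LISTEN     0      128                       *:35357                    *:*      users:(("keystone-all",19258,4))
LISTEN     0      128                       *:5000                     *:*      users:(("keystone-all",19258,6))
LISTEN     0      50            192.168.0.206:3306                     *:*      users:(("mysqld",2100,10))
"""

# Assumption of this example: ports that should only be reachable from the
# management network, with the component (and setting, where the page names
# one) that controls the bind address.
INTERNAL_PORTS = {
    35357: "keystone admin API (admin_bind_host)",
    15672: "RabbitMQ management UI",
    5672: "RabbitMQ AMQP",
    3306: "MySQL",
}

# Spellings of "all addresses" used by different ss versions.
WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(text):
    """Return one dict per LISTEN line: local address, port, process name."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        # Split on the last colon so ":::5672" yields address "::".
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        listeners.append({
            "addr": addr,
            "port": int(port),
            "process": match.group(1) if match else "?",
        })
    return listeners


def exposed_internal(text, internal_ports=INTERNAL_PORTS):
    """Return (port, process, service) for internal ports bound to a wildcard."""
    return [
        (item["port"], item["process"], internal_ports[item["port"]])
        for item in parse_listeners(text)
        if item["addr"] in WILDCARDS and item["port"] in internal_ports
    ]


if __name__ == "__main__":
    for port, process, service in exposed_internal(SS_OUTPUT):
        print("%-6d %-14s bound to all addresses: %s" % (port, process, service))
```
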

Main keystone commands

The keystone commands fall into three main groups: list, create and delete.

[root@openstack-1 ~]# keystone --help | grep list
    ec2-credentials-list
    endpoint-list       List configured service endpoints.
    role-list           List all roles.
    service-list        List all services in Service Catalog.
    tenant-list         List all tenants.
    user-list           List users.
    user-role-list      List roles granted to a user.
[root@openstack-1 ~]# keystone --help | grep create
    ec2-credentials-create
    endpoint-create     Create a new endpoint associated with a service.
    role-create         Create new role.
    service-create      Add service to Service Catalog.
    tenant-create       Create new tenant.
    user-create         Create new user
[root@openstack-1 ~]# keystone --help | grep delete
    ec2-credentials-delete
    endpoint-delete     Delete a service endpoint.
    role-delete         Delete role.
    service-delete      Delete service from Service Catalog.
    tenant-delete       Delete tenant.
    user-delete         Delete user.

Role configuration

[root@openstack-1 ~]# keystone role-list
Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]

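Nothing exists yet, so we have to authenticate through the token environment variables. ADMIN is the token configured above; be sure to set it to something complex.

Set the environment variables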

[root@openstack-1 ~]# export OS_SERVICE_TOKEN=ADMIN
[root@openstack-1 ~]# export OS_SERVICE_ENDPOINT=http://192.168.0.206:35357/v2.0
[root@openstack-1 ~]# keystone role-list
+----------------------------------+----------+
|                id                |   name   |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+----------+

Create the tenants

[root@openstack-1 ~]# keystone tenant-create --name=admin --description="Admin Tenant"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |           Admin Tenant           |
|   enabled   |               True               |
|      id     | 8f3a33c020c445a395d203d711b2b145 |
|     name    |              admin               |
+-------------+----------------------------------+

Note that this warning does not affect normal use of OpenStack:

/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
[root@openstack-1 ~]# keystone tenant-create --name=service --description="Service Tenant"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |          Service Tenant          |
|   enabled   |               True               |
|      id     | 78359fd9b227418ba3987eea0d22f291 |
|     name    |             service              |
+-------------+----------------------------------+

Add the admin user

[root@openstack-1 ~]# keystone user-create --name=admin --pass=admin --email=why@whysdomain.com
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |        why@whysdomain.com        |
| enabled  |               True               |
|    id    | 1b42867e5ea345b8837d10b2e97fd8b7 |
|   name   |              admin               |
| username |              admin               |
+----------+----------------------------------+

Create the admin role

[root@openstack-1 ~]# keystone role-create --name=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 08ab002181204f3fb800fe25a2e0c0df |
|   name   |              admin               |
+----------+----------------------------------+

Assign the admin role to the admin user

[root@openstack-1 ~]# keystone user-role-add --user=admin --tenant=admin --role=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

Create the service entry for keystone

[root@openstack-1 ~]# keystone service-create --name=keystone --type=identity --description="keystone identity service"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |    keystone identity service     |
|   enabled   |               True               |
|      id     | f634a47ae9ac450f87e90d76ee8a4215 |
|     name    |             keystone             |
|     type    |             identity             |
+-------------+----------------------------------+

Associate the keystone service with an endpoint (an endpoint can be thought of as the access point of a service)

[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}') --publicurl=http://192.168.0.206:5000/v2.0 --internalurl=http://192.168.0.206:5000/v2.0 --adminurl=http://192.168.0.206:35357/v2.0
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  | http://192.168.0.206:35357/v2.0  |
|      id     | 89a6938a0ff246ebbf26d765474ac167 |
| internalurl |  http://192.168.0.206:5000/v2.0  |
|  publicurl  |  http://192.168.0.206:5000/v2.0  |
|    region   |            regionOne             |
|  service_id | f634a47ae9ac450f87e90d76ee8a4215 |
+-------------+----------------------------------+

Unset the token variables

[root@openstack-1 ~]# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

Verify

[root@openstack-1 ~]# keystone --os-username=admin --os-password=admin --os-auth-url=http://192.168.0.206:35357/v2.0 token-get
[root@openstack-1 ~]# keystone --os-username=admin --os-password=admin --os-tenant-name=admin --os-auth-url=http://192.168.0.206:35357/v2.0 token-get

Create the authentication environment variables

[root@openstack-1 ~]# vi keystone-admin
[root@openstack-1 ~]# cat keystone-admin
export OS_USERNAME=admin
export OS_PASSWORD=admin 
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://192.168.0.206:35357/v2.0 
[root@openstack-1 ~]# source keystone-admin
[root@openstack-1 ~]# keystone token-get 

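Installing Glance

Install Glance

Glance provides registration, query and storage of system images (the images are not stored in Glance itself; by default they go on the local disk, and GlusterFS, Ceph, Swift, S3 and others are also supported). Snapshot management is handled by Glance as well. It consists of glance-api, glance-registry and the image store.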

[root@openstack-1 ~]# yum install -y openstack-glance python-glanceclient python-crypto

Configure Glance

[root@openstack-1 ~]# vi /etc/glance/glance-api.conf 
#connection=mysql://glance:glance@localhost/glance
Change to
connection=mysql://glance:glance@192.168.0.206/glance

# Show debugging output in logs (sets DEBUG log level output)
#debug=False
Change to
debug=True

#log_file=/var/log/glance/api.log
Change to
log_file=/var/log/glance/api.log 

Configure RabbitMQ
# notifier_strategy = default

# Driver or drivers to handle sending notifications
# notification_driver = noop

# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost

# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
#rabbit_host=localhost
#rabbit_port=5672
#rabbit_use_ssl=false
#rabbit_userid=guest
#rabbit_password=guest
#rabbit_virtual_host=/
#rabbit_notification_exchange=glance
#rabbit_notification_topic=notifications
#rabbit_durable_queues=False
Change notifier_strategy above to rabbit and uncomment the lines below
notifier_strategy = rabbit

# Driver or drivers to handle sending notifications
# notification_driver = noop

# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost

# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rabbit_virtual_host=/
rabbit_notification_exchange=glance
rabbit_notification_topic=notifications
rabbit_durable_queues=False

Configure glance-registry

[root@openstack-1 ~]# vi /etc/glance/glance-registry.conf 

#connection=mysql://glance:glance@localhost/glance
Change to
connection=mysql://glance:glance@192.168.0.206/glance


# Show debugging output in logs (sets DEBUG log level output)
#debug=False
Change to
debug=True


#log_file=/var/log/glance/registry.log
Change to
log_file=/var/log/glance/registry.log

Sync the database

[root@openstack-1 ~]# glance-manage db_sync
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
[root@openstack-1 ~]# mysql -h 192.168.0.206 -u glance -pglance -e 'use glance;show tables'
+------------------+
| Tables_in_glance |
+------------------+
| image_locations  |
| image_members    |
| image_properties |
| image_tags       |
| images           |
| migrate_version  |
| task_info        |
| tasks            |
+------------------+

Configure glance-api

[root@openstack-1 ~]# vi /etc/glance/glance-api.conf
[keystone_authtoken]
#auth_host=127.0.0.1
#auth_port=35357
#auth_protocol=http
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
Change to
[keystone_authtoken]
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance

#flavor=
Change to
flavor=keystone

[root@openstack-1 ~]# vi /etc/glance/glance-registry.conf
[keystone_authtoken]
#auth_host=127.0.0.1
#auth_port=35357
#auth_protocol=http
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
Change to
[keystone_authtoken]
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance

#flavor=
Change to
flavor=keystone

Review the resulting Glance configuration

[root@openstack-1 ~]# egrep '^[a-z]' /etc/glance/glance-api.conf 
debug=True
log_file=/var/log/glance/api.log
notifier_strategy = rabbit
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rabbit_virtual_host=/
rabbit_notification_exchange=glance
rabbit_notification_topic=notifications
rabbit_durable_queues=False
connection=mysql://glance:glance@192.168.0.206/glance
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance
flavor=keystone
[root@openstack-1 ~]# egrep '^[a-z]' /etc/glance/glance-registry.conf 
debug=True
log_file=/var/log/glance/registry.log
connection=mysql://glance:glance@192.168.0.206/glance
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance
flavor=keystone
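
The settings this walkthrough leaves in keystone.conf and in the Glance configuration (admin_token=ADMIN, debug on, passwords equal to the account name, RabbitMQ guest/guest, plain HTTP to Keystone) are the ones to revisit before production. The check below is an added example, not part of the original post or of OpenStack; the function names, the 16-character threshold and the hardened sample values are assumptions of the example.

```python
from urllib.parse import urlsplit

# Constructed samples: the effective settings from this walkthrough, in the
# form printed by `egrep '^[a-z]' <file>` (section headers are not shown).
KEYSTONE_CONF = """\
admin_token=ADMIN
debug=true
log_file=/var/log/keystone/keystone.log
connection=mysql://keystone:keystone@192.168.0.206/keystone
"""
GLANCE_API_CONF = """\
debug=True
notifier_strategy = rabbit
rabbit_host=192.168.0.206
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
connection=mysql://glance:glance@192.168.0.206/glance
auth_protocol=http
admin_user=glance
admin_password=glance
"""
# Constructed hardened counterpart; every secret here is a placeholder.
HARDENED_CONF = """\
debug=False
rabbit_use_ssl=true
rabbit_userid=openstack
rabbit_password=PLACEHOLDER-rabbit-3f9c1b7a2d6e
connection=mysql://glance:PLACEHOLDER-db-8a41c07e95d2@192.168.0.206/glance
auth_protocol=https
admin_user=glance
admin_password=PLACEHOLDER-svc-5d20e6b1f3a9
"""

WELL_KNOWN = {"admin", "guest", "password", "secret", "changeme"}
MIN_SECRET_LEN = 16  # assumption of this example, not an OpenStack rule


def parse_settings(text):
    """Return {key: value} for the uncommented key=value lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#[":
            continue  # blank line, comment or section header
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def weak_secret(secret, account=""):
    """Heuristic: too short, equal to the account name, or a known default."""
    lowered = secret.lower()
    return (len(secret) < MIN_SECRET_LEN
            or lowered == account.lower()
            or lowered in WELL_KNOWN)


def audit(text):
    """Return a list of (setting, reason) findings, in a fixed order."""
    cfg = parse_settings(text)
    findings = []

    if "admin_token" in cfg:
        reason = "bootstrap token still enabled"
        if weak_secret(cfg["admin_token"]):
            reason += " and guessable"
        findings.append(("admin_token", reason))

    if cfg.get("debug", "false").lower() == "true":
        findings.append(("debug", "verbose DEBUG logging left on"))

    if "connection" in cfg:
        url = urlsplit(cfg["connection"])
        if weak_secret(url.password or "", url.username or ""):
            findings.append(("connection",
                             "weak database password for %s" % url.username))

    if "rabbit_userid" in cfg or "rabbit_password" in cfg:
        user = cfg.get("rabbit_userid", "guest")       # guest is the default
        password = cfg.get("rabbit_password", "guest")
        if user == "guest" or weak_secret(password, user):
            findings.append(("rabbit_credentials",
                             "default or weak RabbitMQ account"))

    if cfg.get("rabbit_use_ssl", "").lower() == "false":
        findings.append(("rabbit_use_ssl", "AMQP traffic is not encrypted"))

    if cfg.get("auth_protocol", "").lower() == "http":
        findings.append(("auth_protocol",
                         "service credentials sent to Keystone over plain HTTP"))

    if "admin_password" in cfg and weak_secret(cfg["admin_password"],
                                               cfg.get("admin_user", "")):
        findings.append(("admin_password", "weak service account password"))

    return findings


if __name__ == "__main__":
    for name, conf in (("keystone.conf", KEYSTONE_CONF),
                       ("glance-api.conf", GLANCE_API_CONF),
                       ("hardened sample", HARDENED_CONF)):
        print(name)
        for setting, reason in audit(conf) or [("-", "no findings")]:
            print("  %-20s %s" % (setting, reason))
```
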

Create the user

[root@openstack-1 ~]# source keystone-admin
[root@openstack-1 ~]# keystone user-create --name=glance --pass=glance
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | edc440a00bf34d948cea0c1193cf7d00 |
|   name   |              glance              |
| username |              glance              |
+----------+----------------------------------+

Add the role

[root@openstack-1 ~]# keystone user-role-add --user=glance --tenant=service --role=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

Create the service

[root@openstack-1 ~]# keystone service-create --name=glance --type=image 
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | a66638362d1d4f9c905fdc419e979a6f |
|     name    |              glance              |
|     type    |              image               |
+-------------+----------------------------------+

Create the endpoint

[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://192.168.0.206:9292 --internalurl=http://192.168.0.206:9292 --adminurl=http://192.168.0.206:9292
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |    http://192.168.0.206:9292     |
|      id     | b3040442c15941de89f237f95f6bdca9 |
| internalurl |    http://192.168.0.206:9292     |
|  publicurl  |    http://192.168.0.206:9292     |
|    region   |            regionOne             |
|  service_id | a66638362d1d4f9c905fdc419e979a6f |
+-------------+----------------------------------+

If endpoint registration goes wrong, the services that follow will not work.

[root@openstack-1 ~]# keystone service-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| a66638362d1d4f9c905fdc419e979a6f |  glance  |  image   |                           |
| f634a47ae9ac450f87e90d76ee8a4215 | keystone | identity | keystone identity service |
+----------------------------------+----------+----------+---------------------------+
[root@openstack-1 ~]# keystone endpoint-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+-----------+--------------------------------+--------------------------------+---------------------------------+----------------------------------+
|                id                |   region  |           publicurl            |          internalurl           |             adminurl            |            service_id            |
+----------------------------------+-----------+--------------------------------+--------------------------------+---------------------------------+----------------------------------+
| 89a6938a0ff246ebbf26d765474ac167 | regionOne | http://192.168.0.206:5000/v2.0 | http://192.168.0.206:5000/v2.0 | http://192.168.0.206:35357/v2.0 | f634a47ae9ac450f87e90d76ee8a4215 |
| b3040442c15941de89f237f95f6bdca9 | regionOne |   http://192.168.0.206:9292    |   http://192.168.0.206:9292    |    http://192.168.0.206:9292    | a66638362d1d4f9c905fdc419e979a6f |
+----------------------------------+-----------+--------------------------------+--------------------------------+---------------------------------+----------------------------------+

Fix ownership of the glance logs

[root@openstack-1 ~]# chown -R glance.glance /var/log/glance/*

Start the services

[root@openstack-1 ~]# /etc/init.d/openstack-glance-api start
Starting openstack-glance-api:                             [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-glance-registry start
Starting openstack-glance-registry:                        [  OK  ]

Check the logs

[root@openstack-1 ~]# tail -3 /var/log/glance/api.log 
2017-04-05 22:05:41.132 22929 INFO glance.wsgi.server [-] Starting 1 workers
2017-04-05 22:05:41.135 22929 INFO glance.wsgi.server [-] Started child 22938
2017-04-05 22:05:41.147 22938 INFO glance.wsgi.server [-] (22938) wsgi starting up on http://0.0.0.0:9292/
[root@openstack-1 ~]# tail -3 /var/log/glance/registry.log 
2017-04-05 22:05:59.467 22952 INFO glance.wsgi.server [-] Starting 1 workers
2017-04-05 22:05:59.481 22952 INFO glance.wsgi.server [-] Started child 22958
2017-04-05 22:05:59.495 22958 INFO glance.wsgi.server [-] (22958) wsgi starting up on http://0.0.0.0:9191/

Ports 9191 and 9292 are now listening

[root@openstack-1 ~]# ss -nlpt | egrep '9191|9292'
LISTEN     0      128                       *:9292                     *:*      users:(("glance-api",22929,5),("glance-api",22938,5))
LISTEN     0      128                       *:9191                     *:*      users:(("glance-registry",22952,4),("glance-registry",22958,4))

List images

[root@openstack-1 ~]# glance image-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----+------+-------------+------------------+------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+----+------+-------------+------------------+------+--------+
+----+------+-------------+------------------+------+--------+

This output is normal; there are no images yet

Download an image

[root@openstack-1 ~]# wget http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img

Upload the image

[root@openstack-1 ~]# glance image-create --name "cirros-0.3.3-x86_64" --disk-format qcow2 --container-format bare --is-public True --file cirros-0.3.3-x86_64-disk.img 
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | 133eae9fb1c98f45894a4e60d8736619     |
| container_format | bare                                 |
| created_at       | 2017-04-05T14:28:22                  |
| deleted          | False                                |
| deleted_at       | None                                 |
| disk_format      | qcow2                                |
| id               | b46e76d0-6143-4120-bfee-04150cdfe91c |
| is_public        | True                                 |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | cirros-0.3.3-x86_64                  |
| owner            | 8f3a33c020c445a395d203d711b2b145     |
| protected        | False                                |
| size             | 13200896                             |
| status           | active                               |
| updated_at       | 2017-04-05T14:28:22                  |
| virtual_size     | None                                 |
+------------------+--------------------------------------+

List images

[root@openstack-1 ~]# glance image-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| ID                                   | Name                | Disk Format | Container Format | Size     | Status |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| b46e76d0-6143-4120-bfee-04150cdfe91c | cirros-0.3.3-x86_64 | qcow2       | bare             | 13200896 | active |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+

The image that was just uploaded is now listed

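Installing Nova

  • api: handles user requests and notifies the other components through the message queue
  • scheduler: decides which host a virtual machine is created on, using Filters (select the hosts that meet the requirements) and Weights; if it reports an error, nova-compute may not be running or resources may be insufficient
  • cert: responsible for identity authentication
  • novncproxy: the VNC proxy, forwards VNC requests
  • consoleauth: console authentication
  • conductor: the middleware through which compute nodes access data

Install nova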

[root@openstack-1 ~]# yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

Configure the nova database connection

[root@openstack-1 ~]# vi /etc/nova/nova.conf 
#connection=mysql://nova:nova@localhost/nova
change to
connection=mysql://nova:nova@192.168.0.206/nova
[root@openstack-1 ~]# mysql -h 192.168.0.206 -u nova -pnova -e "use nova;show tables"
+--------------------------------------------+
| Tables_in_nova                             |
+--------------------------------------------+
| agent_builds                               |
| aggregate_hosts                            |
| aggregate_metadata                         |
| aggregates                                 |
| block_device_mapping                       |
| bw_usage_cache                             |
| cells                                      |
| certificates                               |
| compute_nodes                              |
| console_pools                              |
| consoles                                   |
| dns_domains                                |
| fixed_ips                                  |
| floating_ips                               |
| instance_actions                           |
| instance_actions_events                    |
| instance_faults                            |
| instance_group_member                      |
| instance_group_metadata                    |
| instance_group_policy                      |
| instance_groups                            |
| instance_id_mappings                       |
| instance_info_caches                       |
| instance_metadata                          |
| instance_system_metadata                   |
| instance_type_extra_specs                  |
| instance_type_projects                     |
| instance_types                             |
| instances                                  |
| iscsi_targets                              |
| key_pairs                                  |
| migrate_version                            |
| migrations                                 |
| networks                                   |
| pci_devices                                |
| project_user_quotas                        |
| provider_fw_rules                          |
| quota_classes                              |
| quota_usages                               |
| quotas                                     |
| reservations                               |
| s3_images                                  |
| security_group_default_rules               |
| security_group_instance_association        |
| security_group_rules                       |
| security_groups                            |
| services                                   |
| shadow_agent_builds                        |
| shadow_aggregate_hosts                     |
| shadow_aggregate_metadata                  |
| shadow_aggregates                          |
| shadow_block_device_mapping                |
| shadow_bw_usage_cache                      |
| shadow_cells                               |
| shadow_certificates                        |
| shadow_compute_nodes                       |
| shadow_console_pools                       |
| shadow_consoles                            |
| shadow_dns_domains                         |
| shadow_fixed_ips                           |
| shadow_floating_ips                        |
| shadow_instance_actions                    |
| shadow_instance_actions_events             |
| shadow_instance_faults                     |
| shadow_instance_group_member               |
| shadow_instance_group_metadata             |
| shadow_instance_group_policy               |
| shadow_instance_groups                     |
| shadow_instance_id_mappings                |
| shadow_instance_info_caches                |
| shadow_instance_metadata                   |
| shadow_instance_system_metadata            |
| shadow_instance_type_extra_specs           |
| shadow_instance_type_projects              |
| shadow_instance_types                      |
| shadow_instances                           |
| shadow_iscsi_targets                       |
| shadow_key_pairs                           |
| shadow_migrate_version                     |
| shadow_migrations                          |
| shadow_networks                            |
| shadow_pci_devices                         |
| shadow_project_user_quotas                 |
| shadow_provider_fw_rules                   |
| shadow_quota_classes                       |
| shadow_quota_usages                        |
| shadow_quotas                              |
| shadow_reservations                        |
| shadow_s3_images                           |
| shadow_security_group_default_rules        |
| shadow_security_group_instance_association |
| shadow_security_group_rules                |
| shadow_security_groups                     |
| shadow_services                            |
| shadow_snapshot_id_mappings                |
| shadow_snapshots                           |
| shadow_task_log                            |
| shadow_virtual_interfaces                  |
| shadow_volume_id_mappings                  |
| shadow_volume_usage_cache                  |
| shadow_volumes                             |
| snapshot_id_mappings                       |
| snapshots                                  |
| task_log                                   |
| virtual_interfaces                         |
| volume_id_mappings                         |
| volume_usage_cache                         |
| volumes                                    |
+--------------------------------------------+

Configure RabbitMQ for nova

#rabbit_host=localhost

# The RabbitMQ broker port where a single node is used.
# (integer value)
#rabbit_port=5672

# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port

# Connect over SSL for RabbitMQ. (boolean value)
#rabbit_use_ssl=false

# The RabbitMQ userid. (string value)
#rabbit_userid=guest

# The RabbitMQ password. (string value)
#rabbit_password=guest
change to
rabbit_host=192.168.0.206

# The RabbitMQ broker port where a single node is used.
# (integer value)
rabbit_port=5672

# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port

# Connect over SSL for RabbitMQ. (boolean value)
rabbit_use_ssl=false

# The RabbitMQ userid. (string value)
rabbit_userid=guest

# The RabbitMQ password. (string value)
rabbit_password=guest



#rpc_backend=rabbit
change to
rpc_backend=rabbit

Create the nova user

[root@openstack-1 ~]# keystone user-create --name=nova --pass=nova
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | c30793f468084a509950d49f3003d7b8 |
|   name   |               nova               |
| username |               nova               |
+----------+----------------------------------+

[root@openstack-1 ~]# keystone user-role-add --user=nova --tenant=service --role=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

Configure keystone authentication for nova

# Host providing the admin Identity API endpoint (string
# value)
#auth_host=127.0.0.1

# Port of the admin Identity API endpoint (integer value)
#auth_port=35357

# Protocol of the admin Identity API endpoint(http or https)
# (string value)
#auth_protocol=http

# Complete public Identity API endpoint (string value)
#auth_uri=<None>

# API version of the admin Identity API endpoint (string
# value)
#auth_version=v2.0

change to
# Host providing the admin Identity API endpoint (string
# value)
auth_host=192.168.0.206

# Port of the admin Identity API endpoint (integer value)
auth_port=35357

# Protocol of the admin Identity API endpoint(http or https)
# (string value)
auth_protocol=http

# Complete public Identity API endpoint (string value)
auth_uri=http://192.168.0.206:5000

# API version of the admin Identity API endpoint (string
# value)
auth_version=v2.0





# Keystone account username (string value)
#admin_user=%SERVICE_USER%

# Keystone account password (string value)
#admin_password=%SERVICE_PASSWORD%

# Keystone service account tenant name to validate user tokens
# (string value)
#admin_tenant_name=%SERVICE_TENANT_NAME%
change to
# Keystone account username (string value)
admin_user=nova

# Keystone account password (string value)
admin_password=nova

# Keystone service account tenant name to validate user tokens
# (string value)
admin_tenant_name=service



#auth_strategy=noauth
change to
auth_strategy=keystone


#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html
change to
novncproxy_base_url=http://192.168.0.206:6080/vnc_auto.html


#vncserver_listen=127.0.0.1
change to
vncserver_listen=0.0.0.0

#vncserver_proxyclient_address=127.0.0.1
change to
vncserver_proxyclient_address=192.168.0.206

#vnc_enabled=true
change to
vnc_enabled=true

#vnc_keymap=en-us
change to
vnc_keymap=en-us

#my_ip=10.0.0.1
change to
my_ip=192.168.0.206
This also sets the glance IP (#glance_host=$my_ip); many other settings depend on my_ip as well


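Some of the settings above were only uncommented. That just marks them as settings that are needed when OpenStack is installed with its services split across hosts; the defaults work too. The following are some paths
#lock_path=/var/lib/nova/tmp
#state_path=/var/lib/nova       state path
#instances_path=$state_path/instances   where virtual machines are stored
#compute_driver=libvirt.LibvirtDriver   libvirt is used as the backend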

View the complete nova configuration

[root@openstack-1 ~]# grep '^[a-z]' /etc/nova/nova.conf
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rpc_backend=rabbit
my_ip=192.168.0.206
state_path=/var/lib/nova
auth_strategy=keystone
instances_path=$state_path/instances
glance_host=$my_ip
lock_path=/var/lib/nova/tmp
compute_driver=libvirt.LibvirtDriver
novncproxy_base_url=http://192.168.0.206:6080/vnc_auto.html
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=192.168.0.206
vnc_enabled=true
vnc_keymap=en-us
connection=mysql://nova:nova@192.168.0.206/nova
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
auth_uri=http://192.168.0.206:5000
auth_version=v2.0
admin_user=nova
admin_password=nova
admin_tenant_name=service
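
An added example (not part of the original post): a Python 3 auditor for the flattened `grep '^[a-z]'` output above that flags the weak values this walkthrough sets, such as the guest/guest RabbitMQ account, passwords equal to the user name, plain HTTP to keystone and VNC bound to 0.0.0.0. The function names, severity labels and the DEFAULTS table are assumptions of this example; the defaults are the commented values shown on this page.

```python
from urllib.parse import urlsplit

# Constructed sample: values copied from the grep output of /etc/nova/nova.conf above.
SAMPLE = """\
rabbit_host=192.168.0.206
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
novncproxy_base_url=http://192.168.0.206:6080/vnc_auto.html
vncserver_listen=0.0.0.0
connection=mysql://nova:nova@192.168.0.206/nova
auth_protocol=http
auth_uri=http://192.168.0.206:5000
admin_user=nova
admin_password=nova
"""

# Values in effect while a key stays commented out, taken from the commented
# defaults shown on this page (#rabbit_userid=guest, #security_group_api=nova).
DEFAULTS = {
    "rabbit_userid": "guest",
    "rabbit_password": "guest",
    "rabbit_use_ssl": "false",
    "security_group_api": "nova",
}

# (user key, password key) pairs used in nova.conf and neutron.conf on this page.
CREDENTIAL_PAIRS = [
    ("rabbit_userid", "rabbit_password"),
    ("admin_user", "admin_password"),
    ("neutron_admin_username", "neutron_admin_password"),
    ("nova_admin_username", "nova_admin_password"),
]
URL_KEYS = ("auth_uri", "neutron_admin_auth_url", "nova_admin_auth_url",
            "neutron_url", "nova_url", "novncproxy_base_url")


def parse_flat(text):
    """Parse 'key=value' / 'key = value' lines; skip comments and [section] headers."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of (severity, key, message) findings for the parsed settings."""
    eff = dict(DEFAULTS)
    eff.update(conf)
    findings = []

    for user_key, pass_key in CREDENTIAL_PAIRS:
        user, password = eff.get(user_key), eff.get(pass_key)
        if password is not None and password == user:
            note = " (RabbitMQ default account)" if user == "guest" else ""
            findings.append(("HIGH", pass_key,
                             "password equals user name %r%s" % (user, note)))

    if "connection" in eff:
        db = urlsplit(eff["connection"])
        if db.password is not None and db.password == db.username:
            findings.append(("HIGH", "connection",
                             "database password equals user name %r" % db.username))

    if eff["rabbit_use_ssl"].lower() != "true":
        findings.append(("MEDIUM", "rabbit_use_ssl",
                         "AMQP traffic, broker password included, is not encrypted"))
    if eff.get("auth_protocol", "").lower() == "http":
        findings.append(("MEDIUM", "auth_protocol",
                         "keystone admin endpoint is reached over plain HTTP"))
    for key in URL_KEYS:
        if urlsplit(eff.get(key, "")).scheme == "http":
            findings.append(("MEDIUM", key,
                             "plain-HTTP URL; tokens sent to it travel in cleartext"))
    if eff.get("vncserver_listen") == "0.0.0.0":
        findings.append(("MEDIUM", "vncserver_listen",
                         "guest VNC binds to every interface; firewall it to the proxy host"))
    if eff.get("debug", "").lower() == "true":
        findings.append(("LOW", "debug",
                         "debug logging is on; turn it off after troubleshooting"))
    # A no-op nova firewall is only safe when security groups are handed to neutron.
    if (eff.get("firewall_driver", "").endswith("NoopFirewallDriver")
            and eff["security_group_api"] != "neutron"):
        findings.append(("HIGH", "firewall_driver",
                         "nova firewall disabled but security_group_api is not neutron"))
    return findings


if __name__ == "__main__":
    for severity, key, message in audit(parse_flat(SAMPLE)):
        print("%-6s %-22s %s" % (severity, key, message))
```

Unset RabbitMQ keys are evaluated at the commented defaults, so a file that only sets rabbit_host is still reported as using the guest account without SSL.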

Create the nova service

[root@openstack-1 ~]# keystone service-create --name=nova --type=compute
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 20a727144a2849d9a73b2e19ee81d9bd |
|     name    |               nova               |
|     type    |             compute              |
+-------------+----------------------------------+
[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list|awk '/ compute / {print $2}') --publicurl=http://192.168.0.206:8774/v2/%\(tenant_id\)s --internalurl=http://192.168.0.206:8774/v2/%\(tenant_id\)s --adminurl=http://192.168.0.206:8774/v2/%\(tenant_id\)s  
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+--------------------------------------------+
|   Property  |                   Value                    |
+-------------+--------------------------------------------+
|   adminurl  | http://192.168.0.206:8774/v2/%(tenant_id)s |
|      id     |      f1c73026369c47ac861a9f3533751760      |
| internalurl | http://192.168.0.206:8774/v2/%(tenant_id)s |
|  publicurl  | http://192.168.0.206:8774/v2/%(tenant_id)s |
|    region   |                 regionOne                  |
|  service_id |      20a727144a2849d9a73b2e19ee81d9bd      |
+-------------+--------------------------------------------+
The URL that is returned depends on the tenant ID passed in

Start the nova services

[root@openstack-1 ~]# /etc/init.d/openstack-nova-api start
Starting openstack-nova-api:                               [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-cert start
Starting openstack-nova-cert:                              [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-conductor start
Starting openstack-nova-conductor:                         [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-consoleauth start
Starting openstack-nova-consoleauth:                       [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-novncproxy start
Starting openstack-nova-novncproxy:                        [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-scheduler start
Starting openstack-nova-scheduler:                         [  OK  ]

Check the nova services

[root@openstack-1 ~]# nova host-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------+-------------+----------+
| host_name                  | service     | zone     |
+----------------------------+-------------+----------+
| openstack-1.whysdomain.com | conductor   | internal |
| openstack-1.whysdomain.com | consoleauth | internal |
| openstack-1.whysdomain.com | scheduler   | internal |
| openstack-1.whysdomain.com | cert        | internal |
+----------------------------+-------------+----------+

Installing nova-compute

Note: perform these steps on the second machine

Check whether KVM is supported

[root@openstack-2 ~]# egrep  '(vmx|svm)' /proc/cpuinfo 
flags       : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc up arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi ept vpid fsgsbase smep

Install the dependencies

[root@openstack-2 ~]# yum install -y qemu-kvm libvirt openstack-nova-compute python-novaclient

Configure nova-compute

Copy the configuration file from the openstack-1 node

[root@openstack-1 ~]# scp /etc/nova/nova.conf 192.168.0.207:/etc/nova/nova.conf

Edit the configuration file

[root@openstack-2 ~]# vi /etc/nova/nova.conf
vncserver_proxyclient_address=192.168.0.206
change to this host's own IP; the vncserver IP is different on every node
vncserver_proxyclient_address=192.168.0.207

vncserver provides the console service

[root@openstack-2 ~]# /etc/init.d/libvirtd start
Starting libvirtd daemon:                                  [  OK  ]
[root@openstack-2 ~]# /etc/init.d/messagebus start
Starting system message bus: 
[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute start
Starting openstack-nova-compute:                           [  OK  ]

If the following problem appears

[root@openstack-2 ~]# /etc/init.d/libvirtd start
Starting libvirtd daemon: libvirtd: relocation error: libvirtd: symbol dm_task_get_info_with_deferred_remove, version Base not defined in file libdevmapper.so.1.02 with link time reference
                                                           [FAILED]

run

[root@openstack-2 ~]# yum upgrade device-mapper-libs
[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute restart
Stopping openstack-nova-compute:                           [FAILED]
Starting openstack-nova-compute:                           [  OK  ]
[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute status
openstack-nova-compute (pid  4620) is running...

On the openstack-1 node, compute now shows up as registered

[root@openstack-1 ~]# nova host-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------+-------------+----------+
| host_name                  | service     | zone     |
+----------------------------+-------------+----------+
| openstack-1.whysdomain.com | conductor   | internal |
| openstack-1.whysdomain.com | consoleauth | internal |
| openstack-1.whysdomain.com | scheduler   | internal |
| openstack-1.whysdomain.com | cert        | internal |
| openstack-2.whysdomain.com | compute     | nova     |
+----------------------------+-------------+----------+

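Note: do not change the hostname casually. If it is changed, the host is treated as a new node joining, and the virtual machines on the host are deleted.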

Neutron

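Networking in OpenStack resembles an ordinary network: each virtual machine is a host, hosts are interconnected by attaching to a switch, and they reach the Internet through a router.

Neutron implements the data link layer with linuxbridge, the network layer with iptables, route and similar tools, the transport layer with LBaaS (haproxy), and the application layer with LBaaS.

Network types

  • Public network: communication with external networks
  • Management network: communication between the cloud hosts
  • Storage network: for example iSCSI and GlusterFS
  • Service network: the network used inside the virtual machines

These four networks can all be provided by a single NIC, or each can be provided by its own NIC

Install Neutron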

[root@openstack-1 ~]# yum install -y  openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge

Configure neutron

[root@openstack-1 ~]# vi /etc/neutron/neutron.conf
# connection = mysql://root:pass@127.0.0.1:3306/neutron
change to
connection = mysql://neutron:neutron@192.168.0.206:3306/neutron

Create the neutron service account

[root@openstack-1 ~]# source keystone-admin 
[root@openstack-1 ~]# keystone user-create --name neutron --pass neutron
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|  email   |                                  |
| enabled  |               True               |
|    id    | d59ce691fc51408cb1c1192b0f426f64 |
|   name   |             neutron              |
| username |             neutron              |
+----------+----------------------------------+
[root@openstack-1 ~]# keystone user-role-add --user neutron --tenant service --role admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)

Continue configuring neutron

[root@openstack-1 ~]# vi /etc/neutron/neutron.conf
[keystone_authtoken]
# auth_host = 127.0.0.1
# auth_port = 35357
# auth_protocol = http
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
change to
[keystone_authtoken]
auth_host = 192.168.0.206
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = neutron


# auth_strategy = noauth
change to
auth_strategy = keystone


# api_paste_config = /usr/share/neutron/api-paste.ini
change to
api_paste_config = /usr/share/neutron/api-paste.ini




# IP address of the RabbitMQ installation
# rabbit_host = localhost
# Password of the RabbitMQ server
# rabbit_password = guest
# Port where RabbitMQ server is running/listening
# rabbit_port = 5672
# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
# User ID used for RabbitMQ connections
# rabbit_userid = guest
# Location of a virtual RabbitMQ installation.
# rabbit_virtual_host = /
change to
# IP address of the RabbitMQ installation
rabbit_host = 192.168.0.206
# Password of the RabbitMQ server
rabbit_password = guest
# Port where RabbitMQ server is running/listening
rabbit_port = 5672
# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
# User ID used for RabbitMQ connections
rabbit_userid = guest
# Location of a virtual RabbitMQ installation.
rabbit_virtual_host = /



# notify_nova_on_port_status_changes = False
change to
notify_nova_on_port_status_changes = True

# notify_nova_on_port_data_changes = False
change to
notify_nova_on_port_data_changes = True

# nova_url = http://127.0.0.1:8774/v2
change to
nova_url = http://192.168.0.206:8774/v2

# nova_admin_username = 
change to
nova_admin_username = nova

# nova_admin_tenant_id =
change to the id of the service tenant as returned by keystone tenant-list
nova_admin_tenant_id = 78359fd9b227418ba3987eea0d22f291

# nova_admin_password =
change to
nova_admin_password = nova

# nova_admin_auth_url =
change to the keystone URL
nova_admin_auth_url = http://192.168.0.206:35357/v2.0



# debug = False
change to
debug = True


# root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
change to
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
This setting is used for sudo


# core_plugin =
change to
core_plugin = ml2
The core plugin is ml2

# service_plugins =
change to
service_plugins = router,firewall,lbaas

# state_path = /var/lib/neutron
# lock_path = $state_path/lock
These two only need to be uncommented as well

Configure neutron-ml2

[root@openstack-1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# type_drivers = local,flat,vlan,gre,vxlan
change to
type_drivers = flat,vlan,gre,vxlan

# tenant_network_types = local
change to
tenant_network_types = flat,vlan,gre,vxlan

# mechanism_drivers =
change to
mechanism_drivers = openvswitch,linuxbridge

[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
change to
[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
flat_networks = physnet1
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *

With linuxbridge, physnet1 corresponds to one network interface

# enable_security_group = True
change to
enable_security_group = True

Configure linuxbridge

[root@openstack-1 ~]# vi /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
# network_vlan_ranges =
change to
network_vlan_ranges = physnet1

# physical_interface_mappings =
change to
physical_interface_mappings = physnet1:eth0
The physical NIC is eth0


# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
change to
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
This is the firewall driver

# enable_security_group = True
change to
enable_security_group = True

Configure nova

[root@openstack-1 ~]# vi /etc/nova/nova.conf 
#neutron_url=http://127.0.0.1:9696
change to
neutron_url=http://192.168.0.206:9696

#neutron_admin_username=<None>
change to
neutron_admin_username=neutron

#neutron_admin_password=<None>
change to
neutron_admin_password=neutron

#neutron_admin_tenant_id=<None>
change to
neutron_admin_tenant_id=78359fd9b227418ba3987eea0d22f291


#neutron_admin_tenant_name=<None>
change to
neutron_admin_tenant_name=service

#neutron_admin_auth_url=http://localhost:5000/v2.0
change to
neutron_admin_auth_url=http://192.168.0.206:5000/v2.0

#neutron_auth_strategy=keystone
change to
neutron_auth_strategy=keystone

#network_api_class=nova.network.api.API
change to
network_api_class=nova.network.neutronv2.api.API

The value nova.network.neutronv2.api.API names a Python class that nova loads

[root@openstack-1 ~]# ll /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py
-rw-r--r-- 1 root root 58018 Jul  1  2015 /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py
which contains
class API(base.Base):
    """API for interacting with the neutron 2.x API."""
    _sentinel = object()

#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
change to
firewall_driver=nova.virt.firewall.NoopFirewallDriver
nova has its own firewall and neutron has its own as well; we use the neutron firewall to manage traffic and turn the nova firewall off


#vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
change to
vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver

#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
change to
linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver

#security_group_api=nova
change to
security_group_api=neutron

Restart the nova services

[root@openstack-1 ~]# /etc/init.d/openstack-nova-api restart
Stopping openstack-nova-api:                               [  OK  ]
Starting openstack-nova-api:                               [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-conductor restart
Stopping openstack-nova-conductor:                         [  OK  ]
Starting openstack-nova-conductor:                         [  OK  ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-scheduler restart
Stopping openstack-nova-scheduler:                         [  OK  ]
Starting openstack-nova-scheduler:                         [  OK  ]

Create the neutron endpoint

[root@openstack-1 ~]# source keystone-admin 
[root@openstack-1 ~]# keystone service-create --name neutron --type network
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | d75254fff7c544cba014cc7d49e7d7f6 |
|     name    |             neutron              |
|     type    |             network              |
+-------------+----------------------------------+
[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list | awk '/ network / {print $2}') --publicurl=http://192.168.0.206:9696 --internalurl=http://192.168.0.206:9696 --adminurl=http://192.168.0.206:9696
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
|   adminurl  |    http://192.168.0.206:9696     |
|      id     | 5b91687bb3eb4e2e837f76f778474831 |
| internalurl |    http://192.168.0.206:9696     |
|  publicurl  |    http://192.168.0.206:9696     |
|    region   |            regionOne             |
|  service_id | d75254fff7c544cba014cc7d49e7d7f6 |
+-------------+----------------------------------+
[root@openstack-1 ~]# keystone service-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+----------+---------------------------+
|                id                |   name   |   type   |        description        |
+----------------------------------+----------+----------+---------------------------+
| a66638362d1d4f9c905fdc419e979a6f |  glance  |  image   |                           |
| f634a47ae9ac450f87e90d76ee8a4215 | keystone | identity | keystone identity service |
| d75254fff7c544cba014cc7d49e7d7f6 | neutron  | network  |                           |
| 20a727144a2849d9a73b2e19ee81d9bd |   nova   | compute  |                           |
+----------------------------------+----------+----------+---------------------------+

Check each configuration file

nova.conf

[root@openstack-1 ~]# grep '^[a-z]' /etc/nova/nova.conf 
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rpc_backend=rabbit
my_ip=192.168.0.206
state_path=/var/lib/nova
auth_strategy=keystone
instances_path=$state_path/instances
glance_host=$my_ip
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
neutron_url=http://192.168.0.206:9696
neutron_admin_username=neutron
neutron_admin_password=neutron
neutron_admin_tenant_id=78359fd9b227418ba3987eea0d22f291
neutron_admin_tenant_name=service
neutron_admin_auth_url=http://192.168.0.206:5000/v2.0
neutron_auth_strategy=keystone
security_group_api=neutron
lock_path=/var/lib/nova/tmp
compute_driver=libvirt.LibvirtDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
novncproxy_base_url=http://192.168.0.206:6080/vnc_auto.html
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=192.168.0.206
vnc_enabled=true
vnc_keymap=en-us
connection=mysql://nova:nova@192.168.0.206/nova
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
auth_uri=http://192.168.0.206:5000
auth_version=v2.0
admin_user=nova
admin_password=nova
admin_tenant_name=service
vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver

neutron.conf

[root@openstack-1 ~]# grep '^[a-z]' /etc/neutron/neutron.conf 
debug = True
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = ml2
service_plugins = router,firewall,lbaas
api_paste_config = /usr/share/neutron/api-paste.ini
auth_strategy = keystone
rabbit_host = 192.168.0.206
rabbit_password = guest
rabbit_port = 5672
rabbit_userid = guest
rabbit_virtual_host = /
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.0.206:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = 78359fd9b227418ba3987eea0d22f291
nova_admin_password = nova
nova_admin_auth_url = http://192.168.0.206:35357/v2.0
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
auth_host = 192.168.0.206
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
connection = mysql://neutron:neutron@192.168.0.206:3306/neutron
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

ml2_conf.ini

[root@openstack-1 ~]# grep '^[a-z]' /etc/neutron/plugins/ml2/ml2_conf.ini 
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = flat,vlan,gre,vxlan
mechanism_drivers = openvswitch,linuxbridge
flat_networks = physnet1
enable_security_group = True

linuxbridge_conf.ini

[root@openstack-1 ~]# grep '^[a-z]' /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini 
network_vlan_ranges = physnet1
physical_interface_mappings = physnet1:eth0
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True
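
The grep output above can also be checked mechanically. The following is an added example, not part of the original post or of OpenStack: a small Python audit (the function names and finding texts are illustrative) that reads the flat key=value lines and reports passwords equal to the account name, Keystone endpoints on plain HTTP, unencrypted AMQP and a VNC listener bound to every interface. The sample input is constructed from a subset of the nova.conf lines shown above.

```python
import re

# Constructed sample (subset of the nova.conf grep output above); names are illustrative.
SAMPLE_NOVA_CONF = """\
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
neutron_admin_username=neutron
neutron_admin_password=neutron
neutron_admin_auth_url=http://192.168.0.206:5000/v2.0
vncserver_listen=0.0.0.0
connection=mysql://nova:nova@192.168.0.206/nova
auth_protocol=http
admin_user=nova
admin_password=nova
"""

USER_SUFFIXES = ("_user", "_userid", "_username")
DB_URL = re.compile(r"^[\w+]+://([^:/@]+):([^@/]+)@")
EXACT = {("rabbit_use_ssl", "false"): "AMQP traffic is not encrypted",
         ("vncserver_listen", "0.0.0.0"): "VNC server listens on every interface",
         ("debug", "true"): "debug logging enabled"}


def parse_options(text):
    """Yield (section, key, value); works on full files and on grep output."""
    section = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif line and line[0] not in "#;" and "=" in line:
            key, _, value = line.partition("=")
            yield section, key.strip(), value.strip()


def audit(text):
    """Return a list of (key, finding) for settings worth changing."""
    opts = list(parse_options(text))
    lookup = {(s, k): v for s, k, v in opts}
    findings = []
    for section, key, value in opts:
        if key.endswith("_password"):
            # The account name sits next to the password under one of three suffixes.
            prefix = key[: -len("_password")]
            names = [lookup.get((section, prefix + sfx)) for sfx in USER_SUFFIXES]
            if value in names:
                findings.append((key, "password equals account name"))
        url = DB_URL.match(value)
        if url and url.group(1) == url.group(2):
            findings.append((key, "database password equals user name"))
        if "auth" in key and (value == "http" or value.startswith("http://")):
            findings.append((key, "Keystone credentials sent over cleartext HTTP"))
        if (key, value.lower()) in EXACT:
            findings.append((key, EXACT[(key, value.lower())]))
    return findings


if __name__ == "__main__":
    print("\n".join("%-26s %s" % f for f in audit(SAMPLE_NOVA_CONF)))
```

The same function can be given the real files, for example `audit(open('/etc/neutron/neutron.conf').read())`; section headers, when present, scope the user/password pairing.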

Test starting it in the foreground

[root@openstack-1 ~]# neutron-server --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini --config-file=/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini 
2017-04-06 23:33:00.131 37544 INFO neutron.service [-] Neutron service started, listening on 0.0.0.0:9696
2017-04-06 23:33:00.156 37544 INFO neutron.wsgi [-] (37544) wsgi starting up on http://0.0.0.0:9696/

2017-04-06 23:33:00.168 37544 INFO neutron.openstack.common.rpc.common [-] Connected to AMQP server on 192.168.0.206:5672

You can see that port 9696 is now listening

Modify the init script

The default init script has some problems

[root@openstack-1 ~]# cp /etc/init.d/neutron-server /etc/init.d/neutron-server.why
[root@openstack-1 ~]# vi /etc/init.d/neutron-server 

configs=(
    "/usr/share/$prog/$prog-dist.conf" \
    "/etc/$prog/$prog.conf" \
    "/etc/$prog/plugin.ini" \
)

Change it to
configs=(
    "/etc/neutron/neutron.conf" \
    "/etc/neutron/plugins/ml2/ml2_conf.ini" \
    "/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini" \
)

Start the service

[root@openstack-1 ~]# /etc/init.d/neutron-server start
Starting neutron:                                          [  OK  ]

/etc/init.d/neutron-linuxbridge-agent needs the same change

[root@openstack-1 ~]# cp /etc/init.d/neutron-linuxbridge-agent /etc/init.d/neutron-linuxbridge-agent.why
[root@openstack-1 ~]# vi /etc/init.d/neutron-linuxbridge-agent
[root@openstack-1 ~]# !$ start
/etc/init.d/neutron-linuxbridge-agent start
Starting neutron-linuxbridge-agent:                        [  OK  ]

[root@openstack-1 ~]# neutron agent-list
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| id                                   | agent_type         | host                       | alive | admin_state_up |
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| c7645f51-8948-4719-b880-f0b2ff885427 | Linux bridge agent | openstack-1.whysdomain.com | :-)   | True           |
+--------------------------------------+--------------------+----------------------------+-------+----------------+

Install neutron on node 2

The second node needs it installed as well

[root@openstack-2 ~]# yum install -y  openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge

Copy the configuration files from the first node

[root@openstack-1 ~]# scp /etc/nova/nova.conf 192.168.0.207:/etc/nova/
[root@openstack-1 ~]# scp /etc/neutron/neutron.conf 192.168.0.207:/etc/neutron/
[root@openstack-1 ~]# scp /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini 192.168.0.207:/etc/neutron/plugins/linuxbridge/
[root@openstack-1 ~]# scp /etc/neutron/plugins/ml2/ml2_conf.ini 192.168.0.207:/etc/neutron/plugins/ml2/
[root@openstack-1 ~]# scp /etc/init.d/neutron-* 192.168.0.207:/etc/init.d/

Change the VNC IP address in /etc/nova/nova.conf

[root@openstack-2 ~]# vi /etc/nova/nova.conf
vncserver_proxyclient_address=192.168.0.207

Restart the service

[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute restart
Stopping openstack-nova-compute:                           [  OK  ]
Starting openstack-nova-compute:                           [  OK  ]

Start the services

[root@openstack-2 ~]# /etc/init.d/neutron-server start
Starting neutron:                                          [  OK  ]
[root@openstack-2 ~]# /etc/init.d/neutron-linuxbridge-agent start
Starting neutron-linuxbridge-agent:                        [  OK  ]

Check the neutron service

On node 1 both hosts are now visible

[root@openstack-1 ~]# neutron agent-list
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| id                                   | agent_type         | host                       | alive | admin_state_up |
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| 3f4c481e-c3da-40e4-a9af-9387174b3f37 | Linux bridge agent | openstack-2.whysdomain.com | :-)   | True           |
| c7645f51-8948-4719-b880-f0b2ff885427 | Linux bridge agent | openstack-1.whysdomain.com | :-)   | True           |
+--------------------------------------+--------------------+----------------------------+-------+----------------+

Install openstack-dashboard

Download openstack-dashboard

[root@openstack-1 ~]# yum install -y httpd mod_wsgi memcached python-memcached openstack-dashboard

Start memcached

[root@openstack-1 ~]# /etc/init.d/memcached start
Starting memcached:                                        [  OK  ]

Configure openstack-dashboard

[root@openstack-1 ~]# vim /etc/openstack-dashboard/local_settings
# CACHES = {
#    'default': {
#        'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
#        'LOCATION' : '127.0.0.1:11211',
#    }
#}
Uncomment it
CACHES = {
    'default': {
        'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION' : '127.0.0.1:11211',
    }
}

OPENSTACK_HOST = "127.0.0.1"
Change it to the Keystone IP address
OPENSTACK_HOST = "192.168.0.206"

ALLOWED_HOSTS = ['horizon.example.com', 'localhost']
Change it to
ALLOWED_HOSTS = ['horizon.example.com', 'localhost','192.168.0.206']

Create the network

[root@openstack-1 ~]# neutron net-create --tenant-id 8f3a33c020c445a395d203d711b2b145  flat_net --shared --provider:network_type flat --provider:physical_network physnet1
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 30f426df-c7c7-4e98-a894-c2a27e792e09 |
| name                      | flat_net                             |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 8f3a33c020c445a395d203d711b2b145     |
+---------------------------+--------------------------------------+
[root@openstack-1 ~]# neutron net-list
+--------------------------------------+----------+---------+
| id                                   | name     | subnets |
+--------------------------------------+----------+---------+
| 30f426df-c7c7-4e98-a894-c2a27e792e09 | flat_net |         |
+--------------------------------------+----------+---------+

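Open http://192.168.0.206/dashboard in a web browser

Log in with the admin user created earlier; this is the overview of the System panel

Hypervisors lists the compute nodes with their host name, type (KVM is also shown as QEMU) and some hardware information

Images shows the image uploaded earlier

Networks contains the network just created

Click it to see the network details

Create a subnet here

The created subnet is now visible

Under Project, select Instances

Launch the virtual machine, and carry out

Check the bridge interfaces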

[root@openstack-2 ~]# ifconfig
brq30f426df-c7 Link encap:Ethernet  HWaddr 00:0C:29:1B:07:C2  
          inet addr:192.168.0.207  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::4056:25ff:fe90:d6e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2491 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2747 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:588108 (574.3 KiB)  TX bytes:675936 (660.0 KiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:29:1B:07:C2  
          inet6 addr: fe80::20c:29ff:fe1b:7c2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:220187 errors:0 dropped:0 overruns:0 frame:0
          TX packets:143149 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:141843749 (135.2 MiB)  TX bytes:24673547 (23.5 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:169253 errors:0 dropped:0 overruns:0 frame:0
          TX packets:169253 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:8886687 (8.4 MiB)  TX bytes:8886687 (8.4 MiB)

tapd8458bd7-c4 Link encap:Ethernet  HWaddr FE:16:3E:7C:01:29  
          inet6 addr: fe80::fc16:3eff:fe7c:129/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:1464 (1.4 KiB)  TX bytes:4376 (4.2 KiB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:B3:EB:5B  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@openstack-2 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
brq30f426df-c7  8000.000c291b07c2       no              eth0
                                                        tapd8458bd7-c4
virbr0          8000.525400b3eb5b       yes             virbr0-nic

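You can see the successfully created instance

Known bug

The FloatingIpManager class is missing the is_supported method. This is a bug, and it can be fixed by editing the file by hand.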

[root@openstack-1 ~]# vim /usr/share/openstack-dashboard/openstack_dashboard/api/neutron.py
Under class FloatingIpManager
    def is_simple_associate_supported(self):
        # NOTE: There are two reason that simple association support
        # needs more considerations. (1) Neutron does not support the
        # default floating IP pool at the moment. It can be avoided
        # in case where only one floating IP pool exists.
        # (2) Neutron floating IP is associated with each VIF and
        # we need to check whether such VIF is only one for an instance
        # to enable simple association support.
        return False
# At the very bottom of this class, add the method below; mind the indentation.
    def is_supported(self):
        network_config = getattr(settings, 'OPENSTACK_NEUTRON_NETWORK', {})
        return network_config.get('enable_router', True)

Then restart the httpd service

[root@openstack-1 ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

If the console does not display, check the following

[root@openstack-1 ~]# ss -nlpt | grep 6080
[root@openstack-1 ~]# /etc/init.d/openstack-nova-novncproxy status
openstack-nova-novncproxy dead but pid file exists

If you see both of the above, it is because the websockify version is too low; upgrading websockify fixes it

[root@openstack-1 ~]# pip install websockify==0.5.1
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
You are using pip version 7.1.0, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting websockify==0.5.1
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading websockify-0.5.1.tar.gz (833kB)
    100% |████████████████████████████████| 835kB 43kB/s 
Requirement already satisfied (use --upgrade to upgrade): numpy in /usr/lib64/python2.6/site-packages (from websockify==0.5.1)
Installing collected packages: websockify
  Found existing installation: websockify 0.6.0
    Uninstalling websockify-0.6.0:
      Successfully uninstalled websockify-0.6.0
  Running setup.py install for websockify
Successfully installed websockify-0.5.1

Enable kernel IP forwarding on the compute node

[root@openstack-2 ~]# vi /etc/sysctl.conf 
[root@openstack-2 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

Configure the IP address of the launched instance

[root@openstack-1 ~]# ping 192.168.0.212
PING 192.168.0.212 (192.168.0.212) 56(84) bytes of data.
64 bytes from 192.168.0.212: icmp_seq=1 ttl=64 time=0.874 ms
64 bytes from 192.168.0.212: icmp_seq=2 ttl=64 time=0.602 ms
^C
--- 192.168.0.212 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1408ms
rtt min/avg/max/mdev = 0.602/0.738/0.874/0.136 ms

Where created instances are stored

[root@openstack-2 ~]# ll /var/lib/nova/instances/
total 16
drwxr-xr-x. 2 nova nova 4096 Apr  7 02:47 4f595ded-38ff-4e95-b8d4-ce68e6e387b1
drwxr-xr-x. 2 nova nova 4096 Apr  7 02:40 _base
-rw-r--r--. 1 nova nova   50 Apr  9 03:23 compute_nodes
drwxr-xr-x. 2 nova nova 4096 Apr  7 02:40 locks

[root@openstack-2 ~]# tree /var/lib/nova/instances/
/var/lib/nova/instances/
├── 4f595ded-38ff-4e95-b8d4-ce68e6e387b1
│   ├── console.log
│   ├── disk
│   ├── disk.info
│   └── libvirt.xml
├── _base
│   └── 6dcdd0e8b408cdf13c44835384f04b2d2c4036ee
├── compute_nodes
└── locks
    ├── nova-6dcdd0e8b408cdf13c44835384f04b2d2c4036ee
    └── nova-storage-registry-lock

3 directories, 8 files

4f595ded-38ff-4e95-b8d4-ce68e6e387b1 is exactly our instance ID

The OpenStack deployment is complete.