<Services> OpenStack: I release (Icehouse) deployment <I>
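Introduction to OpenStack
Traditional data centers have certain problems: first, hosting and maintenance costs; second, implementation efficiency.
OpenStack is a project that comprises the components it depends on (MySQL, RabbitMQ, Apache) and its own components: Horizon provides a web dashboard service, Nova provides compute resources (supporting KVM, Xen, vCenter and others), Neutron manages network resources, Swift and Cinder provide storage, Keystone handles authentication and registration management, Glance manages images, Ceilometer provides monitoring, and there are some higher-level components such as Heat for automated deployment and Trove for database services.
Releases are named alphabetically, starting from A and continuing with B, C, D and so on. This post uses the I release. Newer releases are not recommended unless they have a feature we need; if they do not, there is no need to upgrade.
OpenStack is developed mainly in Python, which accounts for roughly two thirds of the code.
Deploying OpenStack
Environment preparation
OpenStack needs only two hosts, each with 2 GB of memory and with CPU virtualization enabled.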
| Hostname | IP address | Node role |
|---|---|---|
| openstack-1.whysdomain.com | 192.168.0.206 | Management node |
| openstack-2.whysdomain.com | 192.168.0.207 | Compute node |
Preparation required on both hosts
Hostname
[root@openstack-1 ~]# hostname
openstack-1.whysdomain.com
The hostname must be pingable
[root@openstack-1 ~]# ping openstack-1.whysdomain.com
PING openstack-1.whysdomain.com (192.168.0.206) 56(84) bytes of data.
64 bytes from openstack-1.whysdomain.com (192.168.0.206): icmp_seq=1 ttl=64 time=0.042 ms
64 bytes from openstack-1.whysdomain.com (192.168.0.206): icmp_seq=2 ttl=64 time=0.042 ms
^C
--- openstack-1.whysdomain.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1985ms
rtt min/avg/max/mdev = 0.042/0.042/0.042/0.000 ms
Install the EPEL package
[root@openstack-1 ~]# rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.2ffY9i: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
SELinux is disabled
[root@openstack-1 ~]# getenforce
Disabled
Time synchronization
[root@openstack-1 ~]# /usr/sbin/ntpdate pool.ntp.org
3 Apr 02:56:39 ntpdate[1786]: adjust time server 61.216.153.106 offset 0.003436 sec
[root@openstack-1 ~]# echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1' >> /var/spool/cron/root
Install the dependency packages
[root@openstack-1 ~]# yum install -y python-pip gcc gcc-c++ libtool patch make automake python-devel libxslt-devel MySQL-python openssl-devel libudev-devel git wget libvirt-python libvirt qemu-kvm gedit python-numdisplay python-eventlet device-mapper bridge-utils libffi-devel libffi
Install the dependency services on the management node
Install MySQL
[root@openstack-1 ~]# yum install -y mysql-server
Configure MySQL
[root@openstack-1 ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
cp: overwrite `/etc/my.cnf'? y
Set the storage engine to InnoDB and use the utf8 character set; utf8 is mandatory
[root@openstack-1 ~]# vi /etc/my.cnf
Add the following under the [mysqld] section
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
Start the MySQL service
[root@openstack-1 ~]# /etc/init.d/mysqld start
Create the databases and grant privileges for keystone, glance, nova, neutron and cinder
[root@openstack-1 ~]# mysql
mysql> create database keystone;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on keystone.* to keystone@'192.168.0.%' identified by 'keystone';
Query OK, 0 rows affected (0.00 sec)
mysql> create database glance;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on glance.* to glance@'192.168.0.%' identified by 'glance';
Query OK, 0 rows affected (0.00 sec)
mysql> create database nova;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on nova.* to nova@'192.168.0.%' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)
mysql> create database neutron;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on neutron.* to neutron@'192.168.0.%' identified by 'neutron';
Query OK, 0 rows affected (0.00 sec)
mysql> create database cinder;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on cinder.* to cinder@'192.168.0.%' identified by 'cinder';
Query OK, 0 rows affected (0.00 sec)
Install RabbitMQ
[root@openstack-1 ~]# yum install -y rabbitmq-server
[root@openstack-1 ~]# /etc/init.d/rabbitmq-server start
Starting rabbitmq-server: SUCCESS
rabbitmq-server.
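If it fails to start, the most likely cause is that the domain-style hostname cannot be resolved. Add a mapping for the short hostname openstack-1 as well, because RabbitMQ resolves the short hostname by default.
Enable the RabbitMQ plugin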
[root@openstack-1 ~]# /usr/lib/rabbitmq/bin/rabbitmq-plugins list
[ ] amqp_client 3.1.5
[ ] cowboy 0.5.0-rmq3.1.5-git4b93c2d
[ ] eldap 3.1.5-gite309de4
[ ] mochiweb 2.7.0-rmq3.1.5-git680dba8
[ ] rabbitmq_amqp1_0 3.1.5
[ ] rabbitmq_auth_backend_ldap 3.1.5
[ ] rabbitmq_auth_mechanism_ssl 3.1.5
[ ] rabbitmq_consistent_hash_exchange 3.1.5
[ ] rabbitmq_federation 3.1.5
[ ] rabbitmq_federation_management 3.1.5
[ ] rabbitmq_jsonrpc 3.1.5
[ ] rabbitmq_jsonrpc_channel 3.1.5
[ ] rabbitmq_jsonrpc_channel_examples 3.1.5
[ ] rabbitmq_management 3.1.5
[ ] rabbitmq_management_agent 3.1.5
[ ] rabbitmq_management_visualiser 3.1.5
[ ] rabbitmq_mqtt 3.1.5
[ ] rabbitmq_shovel 3.1.5
[ ] rabbitmq_shovel_management 3.1.5
[ ] rabbitmq_stomp 3.1.5
[ ] rabbitmq_tracing 3.1.5
[ ] rabbitmq_web_dispatch 3.1.5
[ ] rabbitmq_web_stomp 3.1.5
[ ] rabbitmq_web_stomp_examples 3.1.5
[ ] rfc4627_jsonrpc 3.1.5-git5e67120
[ ] sockjs 0.3.4-rmq3.1.5-git3132eb9
[ ] webmachine 1.10.3-rmq3.1.5-gite9359c7
[root@openstack-1 ~]# /usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.
Check that RabbitMQ is running
[root@openstack-1 ~]# ss -nlpt | grep 5672
LISTEN 0 128 *:15672 *:* users:(("beam",9360,17))
LISTEN 0 128 *:55672 *:* users:(("beam",9360,16))
LISTEN 0 128 :::5672 :::* users:(("beam",9360,14))
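Browse to port 15672 on the corresponding IP; port 55672 also works and redirects to 15672
The username and password are both guest
In production the default username and password must be changed. Note that OpenStack's default RabbitMQ credentials are also guest, so below I also uncomment the commonly used settings even where they keep their default values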
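Install Keystone
Responsible for users and authentication: user permissions and user activity tracking
- User: a user
- Tenant: a tenant
- Token: a token
- Role: a role
- Service: a service
- Endpoint: an endpoint, that is, a URL
- Service catalog: provides a catalog of all services and their API endpoints
Keystone manages users, but at the very beginning there are no users with which to connect and create one. Keystone therefore provides admin_token, a token that grants unrestricted access, so do not use admin_token in production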
Create the repo for the OpenStack Icehouse release
The OpenStack project no longer provides an openstack-icehouse repo, only RPM downloads, so configure the repo yourself
[root@openstack-1 ~]# vi /etc/yum.repos.d/openstack-icehouse.repo
[root@openstack-1 ~]# cat /etc/yum.repos.d/openstack-icehouse.repo
[openstack-icehouse]
name=openstack-icehouse
baseurl=https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6
enabled=1
gpgcheck=0
Install keystone and python-keystoneclient
[root@openstack-1 ~]# yum clean all
Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Cleaning repos: epel openstack-icehouse os
Cleaning up Everything
[root@openstack-1 ~]# yum install -y openstack-keystone python-keystoneclient
Because there are many dependencies, about 140 packages need to be downloaded
If the following errors appear
Error: Package: python-cinderclient-1.0.9-1.el6.noarch (openstack-icehouse)
Requires: python-requests
Error: Package: 1:python-keystoneclient-0.9.0-1.el6.noarch (openstack-icehouse)
Requires: python-requests >= 0.8.8
Error: Package: 1:python-novaclient-2.17.0-2.el6.noarch (openstack-icehouse)
Requires: python-argparse
Error: Package: 1:python-oslo-config-1.2.1-1.el6.noarch (openstack-icehouse)
Requires: python-argparse
Error: Package: python-cliff-1.4.4-1.el6.noarch (epel)
Requires: python-argparse
Error: Package: 1:python-novaclient-2.17.0-2.el6.noarch (openstack-icehouse)
Requires: python-requests
Error: Package: python-openstackclient-0.3.1-2.el6.noarch (openstack-icehouse)
Requires: python-requests
Error: Package: python-oslo-messaging-1.3.0.2-4.el6.noarch (openstack-icehouse)
Requires: PyYAML
Error: Package: 1:python-keystoneclient-0.9.0-1.el6.noarch (openstack-icehouse)
Requires: python-argparse
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
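you need to install python-requests >= 0.8.8, python-argparse and PyYAML
Red Hat systems run into these problems; CentOS 6 is recommended. You can configure an additional OS repo with the URL http://mirror.centos.org/centos/6.8/os/x86_64/, after which the yum install works normally
After installation there is a keystone user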
[root@openstack-1 ~]# id keystone
uid=163(keystone) gid=163(keystone) groups=163(keystone)
Create the PKI directory for the keystone user
[root@openstack-1 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
Generating RSA private key, 2048 bit long modulus
....................+++
...............................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
.......................................+++
.......+++
e is 65537 (0x10001)
Using configuration from /etc/keystone/ssl/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :ASN.1 12:'Unset'
localityName :ASN.1 12:'Unset'
organizationName :ASN.1 12:'Unset'
commonName :ASN.1 12:'www.example.com'
Certificate is to be certified until Apr 1 17:50:52 2027 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
By default it is located at /etc/keystone/ssl/certs/openssl.conf
Fix the permissions
[root@openstack-1 ~]# chown -R keystone.keystone /etc/keystone/ssl/
[root@openstack-1 ~]# chmod -R o-rwx /etc/keystone/ssl/
Edit the keystone configuration file
[root@openstack-1 ~]# vim /etc/keystone/keystone.conf
#admin_token=ADMIN
Uncomment this line; you can also change it to a token of your own
admin_token=ADMIN
#connection=mysql://keystone:keystone@localhost/keystone
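Uncomment this line and change it to the corresponding IP address. If MySQL is on the local machine, localhost also works; MySQL can also be installed separately on another node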
connection=mysql://keystone:keystone@192.168.0.206/keystone
# Print debugging output (set logging level to DEBUG instead
# of default WARNING level). (boolean value)
#debug=false
Uncomment this line (line 374) and change it to
debug=true
#log_file=/var/log/keystone/keystone.log
Just uncomment this line
log_file=/var/log/keystone/keystone.log
[root@openstack-1 ~]# egrep '^[a-z]' /etc/keystone/keystone.conf
admin_token=ADMIN
debug=true
log_file=/var/log/keystone/keystone.log
connection=mysql://keystone:keystone@192.168.0.206/keystone
Sync the keystone database
[root@openstack-1 ~]# keystone-manage db_sync
[root@openstack-1 ~]# mysql -h 192.168.0.206 -u keystone -pkeystone -e "use keystone;show tables;"
+-----------------------+
| Tables_in_keystone |
+-----------------------+
| assignment |
| credential |
| domain |
| endpoint |
| group |
| migrate_version |
| policy |
| project |
| region |
| role |
| service |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
+-----------------------+
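The sync was run as root, so the log file it generated is owned by root; you can run sudo -u keystone keystone-manage db_sync instead
Otherwise the service fails to start because it cannot write to the log, so the ownership has to be reset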
[root@openstack-1 ~]# chown keystone.keystone /var/log/keystone/keystone.log
Start the service
[root@openstack-1 ~]# /etc/init.d/openstack-keystone start
Starting keystone: [ OK ]
Check the log
[root@openstack-1 ~]# tail -4 /var/log/keystone/keystone.log
2017-04-05 17:02:38.168 19258 INFO keystone.common.environment.eventlet_server [-] Starting /usr/bin/keystone-all on 0.0.0.0:35357
2017-04-05 17:02:38.170 19258 INFO keystone.common.environment.eventlet_server [-] Starting /usr/bin/keystone-all on 0.0.0.0:5000
2017-04-05 17:02:38.175 19258 INFO eventlet.wsgi.server [-] (19258) wsgi starting up on http://0.0.0.0:35357/
2017-04-05 17:02:38.175 19258 INFO eventlet.wsgi.server [-] (19258) wsgi starting up on http://0.0.0.0:5000/
You can see that ports 35357 and 5000 were opened
[root@openstack-1 ~]# ss -nlpt | egrep '5000|35357'
LISTEN 0 128 *:35357 *:* users:(("keystone-all",19258,4))
LISTEN 0 128 *:5000 *:* users:(("keystone-all",19258,6))
You can see that it listens on * (all addresses); this can be set in the configuration file
#public_bind_host=0.0.0.0
#admin_bind_host=0.0.0.0
public faces external clients and admin faces internal ones; both are in fact the same keystone service.
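To check which internal-facing services accept connections on every address, the `ss -nlpt` output can be parsed and compared against a port policy. This is an added example, not part of the original post; the `INTERNAL_ONLY` policy table and the last sample line are assumptions made for illustration.

```python
import re

# Constructed sample: the first four lines are `ss -nlpt` output shown on this
# page; the last one is made up to show a listener bound to a single address.
SS_OUTPUT = """\
LISTEN 0 128 *:15672 *:* users:(("beam",9360,17))
LISTEN 0 128 :::5672 :::* users:(("beam",9360,14))
LISTEN 0 128 *:35357 *:* users:(("keystone-all",19258,4))
LISTEN 0 128 *:5000 *:* users:(("keystone-all",19258,6))
LISTEN 0 128 192.168.0.206:9191 *:* users:(("glance-registry",22952,4),("glance-registry",22958,4))
"""

# Assumption: a local policy listing ports meant for the management network only.
INTERNAL_ONLY = {
    35357: "keystone admin API",
    5672: "RabbitMQ AMQP",
    15672: "RabbitMQ management UI",
    9191: "glance-registry",
}
WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}


def parse_listeners(text):
    """Parse `ss -nlpt` lines into dicts with host, port and process names."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or unrelated line
        # The local address is the fourth column; the port follows the last colon.
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        procs = sorted(set(re.findall(r'\("([^"]+)",', line)))
        listeners.append({"host": host, "port": int(port), "procs": procs})
    return listeners


def exposed_internal(text):
    """Return (port, label, procs) for internal-only ports bound to every address."""
    return [
        (item["port"], INTERNAL_ONLY[item["port"]], item["procs"])
        for item in parse_listeners(text)
        if item["host"] in WILDCARD_HOSTS and item["port"] in INTERNAL_ONLY
    ]


if __name__ == "__main__":
    for port, label, procs in exposed_internal(SS_OUTPUT):
        print("port %d (%s) listens on all addresses: %s" % (port, label, ", ".join(procs)))
```

Port 5000 is not reported because the policy treats the public API as intentionally reachable; 35357 stops being reported once admin_bind_host is set to the management address.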
Main keystone commands
The keystone commands fall into three main groups: list, create and delete
[root@openstack-1 ~]# keystone --help | grep list
ec2-credentials-list
endpoint-list List configured service endpoints.
role-list List all roles.
service-list List all services in Service Catalog.
tenant-list List all tenants.
user-list List users.
user-role-list List roles granted to a user.
[root@openstack-1 ~]# keystone --help | grep create
ec2-credentials-create
endpoint-create Create a new endpoint associated with a service.
role-create Create new role.
service-create Add service to Service Catalog.
tenant-create Create new tenant.
user-create Create new user
[root@openstack-1 ~]# keystone --help | grep delete
ec2-credentials-delete
endpoint-delete Delete a service endpoint.
role-delete Delete role.
service-delete Delete service from Service Catalog.
tenant-delete Delete tenant.
user-delete Delete user.
Role configuration
[root@openstack-1 ~]# keystone role-list
Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]
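Nothing has been set up yet, so we authenticate through the token environment variables. ADMIN is the token configured earlier; be sure to set a more complex value
Set the environment variables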
[root@openstack-1 ~]# export OS_SERVICE_TOKEN=ADMIN
[root@openstack-1 ~]# export OS_SERVICE_ENDPOINT=http://192.168.0.206:35357/v2.0
[root@openstack-1 ~]# keystone role-list
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+----------+
Create the tenants
[root@openstack-1 ~]# keystone tenant-create --name=admin --description="Admin Tenant"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 8f3a33c020c445a395d203d711b2b145 |
| name | admin |
+-------------+----------------------------------+
Note that this warning does not affect normal use of OpenStack
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
[root@openstack-1 ~]# keystone tenant-create --name=service --description="Service Tenant"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 78359fd9b227418ba3987eea0d22f291 |
| name | service |
+-------------+----------------------------------+
Add the admin user
[root@openstack-1 ~]# keystone user-create --name=admin --pass=admin --email=why@whysdomain.com
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | why@whysdomain.com |
| enabled | True |
| id | 1b42867e5ea345b8837d10b2e97fd8b7 |
| name | admin |
| username | admin |
+----------+----------------------------------+
Create the admin role
[root@openstack-1 ~]# keystone role-create --name=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 08ab002181204f3fb800fe25a2e0c0df |
| name | admin |
+----------+----------------------------------+
Assign the admin role to the admin user
[root@openstack-1 ~]# keystone user-role-add --user=admin --tenant=admin --role=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Create the service entry for keystone
[root@openstack-1 ~]# keystone service-create --name=keystone --type=identity --description="keystone identity service"
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | keystone identity service |
| enabled | True |
| id | f634a47ae9ac450f87e90d76ee8a4215 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
Associate the keystone service with an endpoint (an endpoint can be thought of as the access point of a service)
[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}') --publicurl=http://192.168.0.206:5000/v2.0 --internalurl=http://192.168.0.206:5000/v2.0 --adminurl=http://192.168.0.206:35357/v2.0
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://192.168.0.206:35357/v2.0 |
| id | 89a6938a0ff246ebbf26d765474ac167 |
| internalurl | http://192.168.0.206:5000/v2.0 |
| publicurl | http://192.168.0.206:5000/v2.0 |
| region | regionOne |
| service_id | f634a47ae9ac450f87e90d76ee8a4215 |
+-------------+----------------------------------+
Unset the token variables
[root@openstack-1 ~]# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
Verify
[root@openstack-1 ~]# keystone --os-username=admin --os-password=admin --os-auth-url=http://192.168.0.206:35357/v2.0 token-get
[root@openstack-1 ~]# keystone --os-username=admin --os-password=admin --os-tenant-name=admin --os-auth-url=http://192.168.0.206:35357/v2.0 token-get
Create an environment file for authentication
[root@openstack-1 ~]# vi keystone-admin
[root@openstack-1 ~]# cat keystone-admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://192.168.0.206:35357/v2.0
[root@openstack-1 ~]# source keystone-admin
[root@openstack-1 ~]# keystone token-get
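Install Glance
Glance provides registration, lookup and storage of system images (the storage itself is not in Glance; by default it is the local disk, and glusterfs, ceph, swift, s3 and others are also supported). Snapshot management is also handled by Glance. It consists of glance-api, glance-registry and the image store.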
[root@openstack-1 ~]# yum install -y openstack-glance python-glanceclient python-crypto
Configure Glance
[root@openstack-1 ~]# vi /etc/glance/glance-api.conf
#connection=mysql://glance:glance@localhost/glance
Change to
connection=mysql://glance:glance@192.168.0.206/glance
# Show debugging output in logs (sets DEBUG log level output)
#debug=False
Change to
debug=True
#log_file=/var/log/glance/api.log
Change to
log_file=/var/log/glance/api.log
Configure RabbitMQ
# notifier_strategy = default
# Driver or drivers to handle sending notifications
# notification_driver = noop
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
#rabbit_host=localhost
#rabbit_port=5672
#rabbit_use_ssl=false
#rabbit_userid=guest
#rabbit_password=guest
#rabbit_virtual_host=/
#rabbit_notification_exchange=glance
#rabbit_notification_topic=notifications
#rabbit_durable_queues=False
Change notifier_strategy above to rabbit and uncomment the lines below it
notifier_strategy = rabbit
# Driver or drivers to handle sending notifications
# notification_driver = noop
# Default publisher_id for outgoing notifications.
# default_publisher_id = image.localhost
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rabbit_virtual_host=/
rabbit_notification_exchange=glance
rabbit_notification_topic=notifications
rabbit_durable_queues=False
Configure glance-registry
[root@openstack-1 ~]# vi /etc/glance/glance-registry.conf
#connection=mysql://glance:glance@localhost/glance
Change to
connection=mysql://glance:glance@192.168.0.206/glance
# Show debugging output in logs (sets DEBUG log level output)
#debug=False
Change to
debug=True
#log_file=/var/log/glance/registry.log
Change to
log_file=/var/log/glance/registry.log
Sync the database
[root@openstack-1 ~]# glance-manage db_sync
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
[root@openstack-1 ~]# mysql -h 192.168.0.206 -u glance -pglance -e 'use glance;show tables'
+------------------+
| Tables_in_glance |
+------------------+
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| migrate_version |
| task_info |
| tasks |
+------------------+
Configure glance-api
[root@openstack-1 ~]# vi /etc/glance/glance-api.conf
[keystone_authtoken]
#auth_host=127.0.0.1
#auth_port=35357
#auth_protocol=http
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
Change to
[keystone_authtoken]
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance
#flavor=
Change to
flavor=keystone
[root@openstack-1 ~]# vi /etc/glance/glance-registry.conf
[keystone_authtoken]
#auth_host=127.0.0.1
#auth_port=35357
#auth_protocol=http
#admin_tenant_name=%SERVICE_TENANT_NAME%
#admin_user=%SERVICE_USER%
#admin_password=%SERVICE_PASSWORD%
Change to
[keystone_authtoken]
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance
#flavor=
Change to
flavor=keystone
View the glance-api configuration
[root@openstack-1 ~]# egrep '^[a-z]' /etc/glance/glance-api.conf
debug=True
log_file=/var/log/glance/api.log
notifier_strategy = rabbit
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rabbit_virtual_host=/
rabbit_notification_exchange=glance
rabbit_notification_topic=notifications
rabbit_durable_queues=False
connection=mysql://glance:glance@192.168.0.206/glance
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance
flavor=keystone
[root@openstack-1 ~]# egrep '^[a-z]' /etc/glance/glance-registry.conf
debug=True
log_file=/var/log/glance/registry.log
connection=mysql://glance:glance@192.168.0.206/glance
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance
flavor=keystone
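The effective settings printed above for keystone.conf and glance-api.conf keep the values the post says must not reach production (admin_token, guest/guest for RabbitMQ, passwords equal to the account name). The following audit script is an added example, not part of the original post or of OpenStack; `MIN_SECRET_LEN` and the function names are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples: the effective settings shown by the egrep commands above.
KEYSTONE_CONF = """\
admin_token=ADMIN
debug=true
connection=mysql://keystone:keystone@192.168.0.206/keystone
"""

GLANCE_API_CONF = """\
debug=True
notifier_strategy = rabbit
rabbit_host=192.168.0.206
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
connection=mysql://glance:glance@192.168.0.206/glance
auth_host=192.168.0.206
auth_protocol=http
admin_tenant_name=service
admin_user=glance
admin_password=glance
flavor=keystone
"""

MIN_SECRET_LEN = 16  # assumption: a local policy value, not an OpenStack rule


def parse_conf(text):
    """Map key -> value for active key=value lines; comments and [section] lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def weak_secret(secret, account=""):
    """Return why a secret is guessable, or None if it passes the local policy."""
    if not secret:
        return "empty"
    if account and secret.lower() == account.lower():
        return "identical to the account name"
    if len(secret) < MIN_SECRET_LEN:
        return "shorter than %d characters" % MIN_SECRET_LEN
    return None


def audit(filename, text):
    """Return a list of (filename, key, problem) tuples for one config file."""
    conf = parse_conf(text)
    findings = []

    def flag(key, problem):
        findings.append((filename, key, problem))

    if "admin_token" in conf:
        flag("admin_token", "bootstrap token is enabled and grants admin access without a user")
    if conf.get("debug", "false").lower() == "true":
        flag("debug", "DEBUG logging left on")
    if "connection" in conf:
        url = urlsplit(conf["connection"])
        reason = weak_secret(url.password or "", url.username or "")
        if reason:
            flag("connection", "database password is " + reason)
    if any(key.startswith("rabbit_") for key in conf):
        # Unset values fall back to the guest/guest defaults the page mentions.
        user = conf.get("rabbit_userid", "guest")
        reason = weak_secret(conf.get("rabbit_password", "guest"), user)
        if user == "guest" or reason:
            flag("rabbit_password", "RabbitMQ uses the guest account or a weak password")
        if conf.get("rabbit_use_ssl", "false").lower() != "true":
            flag("rabbit_use_ssl", "AMQP traffic is not encrypted")
    if "auth_host" in conf:
        # Only an explicit http setting is reported; no default is assumed here.
        if conf.get("auth_protocol", "").lower() == "http":
            flag("auth_protocol", "service credentials and tokens cross the network over plain HTTP")
        reason = weak_secret(conf.get("admin_password", ""), conf.get("admin_user", ""))
        if reason:
            flag("admin_password", "service account password is " + reason)
    return findings


def flagged_keys(filename, text):
    """Convenience view of audit(): just the sorted setting names."""
    return sorted(key for _, key, _ in audit(filename, text))


if __name__ == "__main__":
    for name, text in (("keystone.conf", KEYSTONE_CONF), ("glance-api.conf", GLANCE_API_CONF)):
        for finding in audit(name, text):
            print("%s: %s: %s" % finding)
```

The parser ignores section headers on purpose, so it accepts both the full files and the flattened `egrep '^[a-z]'` output shown on this page.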
Create the user
[root@openstack-1 ~]# source keystone-admin
[root@openstack-1 ~]# keystone user-create --name=glance --pass=glance
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | edc440a00bf34d948cea0c1193cf7d00 |
| name | glance |
| username | glance |
+----------+----------------------------------+
Add the role
[root@openstack-1 ~]# keystone user-role-add --user=glance --tenant=service --role=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Create the service
[root@openstack-1 ~]# keystone service-create --name=glance --type=image
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | a66638362d1d4f9c905fdc419e979a6f |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the endpoint
[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://192.168.0.206:9292 --internalurl=http://192.168.0.206:9292 --adminurl=http://192.168.0.206:9292
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://192.168.0.206:9292 |
| id | b3040442c15941de89f237f95f6bdca9 |
| internalurl | http://192.168.0.206:9292 |
| publicurl | http://192.168.0.206:9292 |
| region | regionOne |
| service_id | a66638362d1d4f9c905fdc419e979a6f |
+-------------+----------------------------------+
If endpoint registration goes wrong, the services that follow will not work
[root@openstack-1 ~]# keystone service-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+----------+---------------------------+
| id | name | type | description |
+----------------------------------+----------+----------+---------------------------+
| a66638362d1d4f9c905fdc419e979a6f | glance | image | |
| f634a47ae9ac450f87e90d76ee8a4215 | keystone | identity | keystone identity service |
+----------------------------------+----------+----------+---------------------------+
[root@openstack-1 ~]# keystone endpoint-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+-----------+--------------------------------+--------------------------------+---------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+--------------------------------+--------------------------------+---------------------------------+----------------------------------+
| 89a6938a0ff246ebbf26d765474ac167 | regionOne | http://192.168.0.206:5000/v2.0 | http://192.168.0.206:5000/v2.0 | http://192.168.0.206:35357/v2.0 | f634a47ae9ac450f87e90d76ee8a4215 |
| b3040442c15941de89f237f95f6bdca9 | regionOne | http://192.168.0.206:9292 | http://192.168.0.206:9292 | http://192.168.0.206:9292 | a66638362d1d4f9c905fdc419e979a6f |
+----------------------------------+-----------+--------------------------------+--------------------------------+---------------------------------+----------------------------------+
Set ownership of the glance logs
[root@openstack-1 ~]# chown -R glance.glance /var/log/glance/*
Start the services
[root@openstack-1 ~]# /etc/init.d/openstack-glance-api start
Starting openstack-glance-api: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-glance-registry start
Starting openstack-glance-registry: [ OK ]
Check the logs
[root@openstack-1 ~]# tail -3 /var/log/glance/api.log
2017-04-05 22:05:41.132 22929 INFO glance.wsgi.server [-] Starting 1 workers
2017-04-05 22:05:41.135 22929 INFO glance.wsgi.server [-] Started child 22938
2017-04-05 22:05:41.147 22938 INFO glance.wsgi.server [-] (22938) wsgi starting up on http://0.0.0.0:9292/
[root@openstack-1 ~]# tail -3 /var/log/glance/registry.log
2017-04-05 22:05:59.467 22952 INFO glance.wsgi.server [-] Starting 1 workers
2017-04-05 22:05:59.481 22952 INFO glance.wsgi.server [-] Started child 22958
2017-04-05 22:05:59.495 22958 INFO glance.wsgi.server [-] (22958) wsgi starting up on http://0.0.0.0:9191/
Ports 9191 and 9292 were opened
[root@openstack-1 ~]# ss -nlpt | egrep '9191|9292'
LISTEN 0 128 *:9292 *:* users:(("glance-api",22929,5),("glance-api",22938,5))
LISTEN 0 128 *:9191 *:* users:(("glance-registry",22952,4),("glance-registry",22958,4))
List the images
[root@openstack-1 ~]# glance image-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----+------+-------------+------------------+------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+----+------+-------------+------------------+------+--------+
+----+------+-------------+------------------+------+--------+
This output is normal; there are no images yet
Download an image
[root@openstack-1 ~]# wget http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
Upload the image
[root@openstack-1 ~]# glance image-create --name "cirros-0.3.3-x86_64" --disk-format qcow2 --container-format bare --is-public True --file cirros-0.3.3-x86_64-disk.img
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2017-04-05T14:28:22 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | b46e76d0-6143-4120-bfee-04150cdfe91c |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.3-x86_64 |
| owner | 8f3a33c020c445a395d203d711b2b145 |
| protected | False |
| size | 13200896 |
| status | active |
| updated_at | 2017-04-05T14:28:22 |
| virtual_size | None |
+------------------+--------------------------------------+
List the images
[root@openstack-1 ~]# glance image-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
| b46e76d0-6143-4120-bfee-04150cdfe91c | cirros-0.3.3-x86_64 | qcow2 | bare | 13200896 | active |
+--------------------------------------+---------------------+-------------+------------------+----------+--------+
The image uploaded a moment ago is now listed.
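A check for the upload step above, as an added example that is not part of the original post: it parses the Property/Value table printed by glance image-create and compares the checksum (an MD5 of the image data in this Glance release) and size with the local file. The function names and the constructed sample file are assumptions made for this example.

```python
import hashlib
import os
import tempfile


def parse_property_table(cli_output):
    """Parse the two-column '| Property | Value |' table the CLI prints."""
    props = {}
    for line in cli_output.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # table borders (+---+) and PowmInsecureWarning lines
        cells = [cell.strip() for cell in line.strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Property":
            props[cells[0]] = cells[1]
    return props


def file_md5_and_size(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large image need not fit in memory."""
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
            size += len(block)
    return digest.hexdigest(), size


def verify_upload(cli_output, local_path):
    """Return the mismatches between Glance's record and the local file."""
    props = parse_property_table(cli_output)
    md5_hex, size = file_md5_and_size(local_path)
    problems = []
    if props.get("status") != "active":
        problems.append("status is %r, expected 'active'" % props.get("status"))
    if props.get("size") != str(size):
        problems.append("size %s != local %d" % (props.get("size"), size))
    if props.get("checksum") != md5_hex:
        problems.append("checksum %s != local %s" % (props.get("checksum"), md5_hex))
    return problems


def constructed_cli_output(md5_hex, size):
    """Build a constructed image-create table in the layout shown above."""
    rows = [("checksum", md5_hex), ("disk_format", "qcow2"),
            ("size", str(size)), ("status", "active")]
    border = "+------------------+----------------------------------+"
    header = "| %-16s | %-32s |" % ("Property", "Value")
    body = ["| %-16s | %-32s |" % row for row in rows]
    return "\n".join([border, header, border] + body + [border])


def demo():
    """Check a constructed file against its table, then after modifying it."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as handle:
        handle.write(b"constructed image bytes\n" * 4096)
        path = handle.name
    try:
        md5_hex, size = file_md5_and_size(path)
        output = constructed_cli_output(md5_hex, size)
        clean = verify_upload(output, path)
        with open(path, "ab") as handle:
            handle.write(b"extra")  # local copy no longer matches the record
        changed = verify_upload(output, path)
        return clean, changed
    finally:
        os.unlink(path)


if __name__ == "__main__":
    clean, changed = demo()
    print("matching file:", clean)
    print("modified file:", changed)
```

A match shows that Glance stored the bytes that were on disk; it says nothing about whether the file fetched over plain HTTP is the one the publisher released, which needs a comparison against a hash obtained from the publisher.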
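Installing Nova
- api: handles user requests and notifies the other components through the message queue
- scheduler: decides which host a virtual machine is created on, using Filters (which keep the hosts that meet the conditions) and Weights; if it reports an error, nova-compute may not be running or resources may be insufficient
- cert: responsible for identity authentication
- novncproxy: the VNC proxy, forwards VNC requests
- consoleauth: console authentication
- conductor: middleware through which the compute nodes access data
Install nova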
[root@openstack-1 ~]# yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
Configure the nova database connection
[root@openstack-1 ~]# vi /etc/nova/nova.conf
#connection=mysql://nova:nova@localhost/nova
Change to
connection=mysql://nova:nova@192.168.0.206/nova
[root@openstack-1 ~]# mysql -h 192.168.0.206 -u nova -pnova -e "use nova;show tables"
+--------------------------------------------+
| Tables_in_nova |
+--------------------------------------------+
| agent_builds |
| aggregate_hosts |
| aggregate_metadata |
| aggregates |
| block_device_mapping |
| bw_usage_cache |
| cells |
| certificates |
| compute_nodes |
| console_pools |
| consoles |
| dns_domains |
| fixed_ips |
| floating_ips |
| instance_actions |
| instance_actions_events |
| instance_faults |
| instance_group_member |
| instance_group_metadata |
| instance_group_policy |
| instance_groups |
| instance_id_mappings |
| instance_info_caches |
| instance_metadata |
| instance_system_metadata |
| instance_type_extra_specs |
| instance_type_projects |
| instance_types |
| instances |
| iscsi_targets |
| key_pairs |
| migrate_version |
| migrations |
| networks |
| pci_devices |
| project_user_quotas |
| provider_fw_rules |
| quota_classes |
| quota_usages |
| quotas |
| reservations |
| s3_images |
| security_group_default_rules |
| security_group_instance_association |
| security_group_rules |
| security_groups |
| services |
| shadow_agent_builds |
| shadow_aggregate_hosts |
| shadow_aggregate_metadata |
| shadow_aggregates |
| shadow_block_device_mapping |
| shadow_bw_usage_cache |
| shadow_cells |
| shadow_certificates |
| shadow_compute_nodes |
| shadow_console_pools |
| shadow_consoles |
| shadow_dns_domains |
| shadow_fixed_ips |
| shadow_floating_ips |
| shadow_instance_actions |
| shadow_instance_actions_events |
| shadow_instance_faults |
| shadow_instance_group_member |
| shadow_instance_group_metadata |
| shadow_instance_group_policy |
| shadow_instance_groups |
| shadow_instance_id_mappings |
| shadow_instance_info_caches |
| shadow_instance_metadata |
| shadow_instance_system_metadata |
| shadow_instance_type_extra_specs |
| shadow_instance_type_projects |
| shadow_instance_types |
| shadow_instances |
| shadow_iscsi_targets |
| shadow_key_pairs |
| shadow_migrate_version |
| shadow_migrations |
| shadow_networks |
| shadow_pci_devices |
| shadow_project_user_quotas |
| shadow_provider_fw_rules |
| shadow_quota_classes |
| shadow_quota_usages |
| shadow_quotas |
| shadow_reservations |
| shadow_s3_images |
| shadow_security_group_default_rules |
| shadow_security_group_instance_association |
| shadow_security_group_rules |
| shadow_security_groups |
| shadow_services |
| shadow_snapshot_id_mappings |
| shadow_snapshots |
| shadow_task_log |
| shadow_virtual_interfaces |
| shadow_volume_id_mappings |
| shadow_volume_usage_cache |
| shadow_volumes |
| snapshot_id_mappings |
| snapshots |
| task_log |
| virtual_interfaces |
| volume_id_mappings |
| volume_usage_cache |
| volumes |
+--------------------------------------------+
Configure RabbitMQ for nova
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used.
# (integer value)
#rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
#rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
#rabbit_userid=guest
# The RabbitMQ password. (string value)
#rabbit_password=guest
Change to
rabbit_host=192.168.0.206
# The RabbitMQ broker port where a single node is used.
# (integer value)
rabbit_port=5672
# RabbitMQ HA cluster host:port pairs. (list value)
#rabbit_hosts=$rabbit_host:$rabbit_port
# Connect over SSL for RabbitMQ. (boolean value)
rabbit_use_ssl=false
# The RabbitMQ userid. (string value)
rabbit_userid=guest
# The RabbitMQ password. (string value)
rabbit_password=guest
#rpc_backend=rabbit
Change to
rpc_backend=rabbit
Create the nova user
[root@openstack-1 ~]# keystone user-create --name=nova --pass=nova
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | c30793f468084a509950d49f3003d7b8 |
| name | nova |
| username | nova |
+----------+----------------------------------+
[root@openstack-1 ~]# keystone user-role-add --user=nova --tenant=service --role=admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Configure keystone authentication for nova
# Host providing the admin Identity API endpoint (string
# value)
#auth_host=127.0.0.1
# Port of the admin Identity API endpoint (integer value)
#auth_port=35357
# Protocol of the admin Identity API endpoint(http or https)
# (string value)
#auth_protocol=http
# Complete public Identity API endpoint (string value)
#auth_uri=<None>
# API version of the admin Identity API endpoint (string
# value)
#auth_version=v2.0
Change to
# Host providing the admin Identity API endpoint (string
# value)
auth_host=192.168.0.206
# Port of the admin Identity API endpoint (integer value)
auth_port=35357
# Protocol of the admin Identity API endpoint(http or https)
# (string value)
auth_protocol=http
# Complete public Identity API endpoint (string value)
auth_uri=http://192.168.0.206:5000
# API version of the admin Identity API endpoint (string
# value)
auth_version=v2.0
# Keystone account username (string value)
#admin_user=%SERVICE_USER%
# Keystone account password (string value)
#admin_password=%SERVICE_PASSWORD%
# Keystone service account tenant name to validate user tokens
# (string value)
#admin_tenant_name=%SERVICE_TENANT_NAME%
Change to
# Keystone account username (string value)
admin_user=nova
# Keystone account password (string value)
admin_password=nova
# Keystone service account tenant name to validate user tokens
# (string value)
admin_tenant_name=service
#auth_strategy=noauth
Change to
auth_strategy=keystone
#novncproxy_base_url=http://127.0.0.1:6080/vnc_auto.html
Change to
novncproxy_base_url=http://192.168.0.206:6080/vnc_auto.html
#vncserver_listen=127.0.0.1
Change to
vncserver_listen=0.0.0.0
#vncserver_proxyclient_address=127.0.0.1
Change to
vncserver_proxyclient_address=192.168.0.206
#vnc_enabled=true
Change to
vnc_enabled=true
#vnc_keymap=en-us
Change to
vnc_keymap=en-us
#my_ip=10.0.0.1
Change to
my_ip=192.168.0.206
This is done to change the glance IP (#glance_host=$my_ip); many other options also depend on my_ip.
Some of the options above were only uncommented. That just marks them as options that are needed when the OpenStack services are installed on separate hosts; the defaults would also work. The following are some paths:
#lock_path=/var/lib/nova/tmp
#state_path=/var/lib/nova (state path)
#instances_path=$state_path/instances (where the virtual machines are stored)
#compute_driver=libvirt.LibvirtDriver (the backend uses libvirt)
View the complete nova configuration file
[root@openstack-1 ~]# grep '^[a-z]' /etc/nova/nova.conf
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rpc_backend=rabbit
my_ip=192.168.0.206
state_path=/var/lib/nova
auth_strategy=keystone
instances_path=$state_path/instances
glance_host=$my_ip
lock_path=/var/lib/nova/tmp
compute_driver=libvirt.LibvirtDriver
novncproxy_base_url=http://192.168.0.206:6080/vnc_auto.html
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=192.168.0.206
vnc_enabled=true
vnc_keymap=en-us
connection=mysql://nova:nova@192.168.0.206/nova
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
auth_uri=http://192.168.0.206:5000
auth_version=v2.0
admin_user=nova
admin_password=nova
admin_tenant_name=service
Create the nova service
[root@openstack-1 ~]# keystone service-create --name=nova --type=compute
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 20a727144a2849d9a73b2e19ee81d9bd |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list|awk '/ compute / {print $2}') --publicurl=http://192.168.0.206:8774/v2/%\(tenant_id\)s --internalurl=http://192.168.0.206:8774/v2/%\(tenant_id\)s --adminurl=http://192.168.0.206:8774/v2/%\(tenant_id\)s
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+--------------------------------------------+
| Property | Value |
+-------------+--------------------------------------------+
| adminurl | http://192.168.0.206:8774/v2/%(tenant_id)s |
| id | f1c73026369c47ac861a9f3533751760 |
| internalurl | http://192.168.0.206:8774/v2/%(tenant_id)s |
| publicurl | http://192.168.0.206:8774/v2/%(tenant_id)s |
| region | regionOne |
| service_id | 20a727144a2849d9a73b2e19ee81d9bd |
+-------------+--------------------------------------------+
The URL is resolved according to the tenant ID that is passed in.
Start the nova services
[root@openstack-1 ~]# /etc/init.d/openstack-nova-api start
Starting openstack-nova-api: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-cert start
Starting openstack-nova-cert: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-conductor start
Starting openstack-nova-conductor: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-consoleauth start
Starting openstack-nova-consoleauth: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-novncproxy start
Starting openstack-nova-novncproxy: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-scheduler start
Starting openstack-nova-scheduler: [ OK ]
View the nova services
[root@openstack-1 ~]# nova host-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------+-------------+----------+
| host_name | service | zone |
+----------------------------+-------------+----------+
| openstack-1.whysdomain.com | conductor | internal |
| openstack-1.whysdomain.com | consoleauth | internal |
| openstack-1.whysdomain.com | scheduler | internal |
| openstack-1.whysdomain.com | cert | internal |
+----------------------------+-------------+----------+
Installing nova-compute
Note: do this on the second machine.
Check whether KVM is supported
[root@openstack-2 ~]# egrep '(vmx|svm)' /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc up arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc aperfmperf unfair_spinlock pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi ept vpid fsgsbase smep
Install the dependencies
[root@openstack-2 ~]# yum install -y qemu-kvm libvirt openstack-nova-compute python-novaclient
Configure nova-compute
Copy the configuration file from the openstack-1 node
[root@openstack-1 ~]# scp /etc/nova/nova.conf 192.168.0.207:/etc/nova/nova.conf
Edit the configuration file
[root@openstack-2 ~]# vi /etc/nova/nova.conf
vncserver_proxyclient_address=192.168.0.206
Change it to this host's IP; the vncserver IP is different on each node
vncserver_proxyclient_address=192.168.0.207
vncserver provides the console service
[root@openstack-2 ~]# /etc/init.d/libvirtd start
Starting libvirtd daemon: [ OK ]
[root@openstack-2 ~]# /etc/init.d/messagebus start
Starting system message bus:
[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute start
Starting openstack-nova-compute: [ OK ]
If the following problem occurs
[root@openstack-2 ~]# /etc/init.d/libvirtd start
Starting libvirtd daemon: libvirtd: relocation error: libvirtd: symbol dm_task_get_info_with_deferred_remove, version Base not defined in file libdevmapper.so.1.02 with link time reference
[FAILED]
Run
[root@openstack-2 ~]# yum upgrade device-mapper-libs
[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute restart
Stopping openstack-nova-compute: [FAILED]
Starting openstack-nova-compute: [ OK ]
[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute status
openstack-nova-compute (pid 4620) is running...
On the openstack-1 node you can see that compute has registered
[root@openstack-1 ~]# nova host-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------+-------------+----------+
| host_name | service | zone |
+----------------------------+-------------+----------+
| openstack-1.whysdomain.com | conductor | internal |
| openstack-1.whysdomain.com | consoleauth | internal |
| openstack-1.whysdomain.com | scheduler | internal |
| openstack-1.whysdomain.com | cert | internal |
| openstack-2.whysdomain.com | compute | nova |
+----------------------------+-------------+----------+
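Note: do not change the hostname casually. If it is changed, the host is treated as a newly added node, and the virtual machines on the host are deleted.
Neutron
Networking in OpenStack resembles an ordinary network: each virtual machine is a host, the hosts are interconnected by connecting to a switch, and they reach the Internet through a router.
In Neutron, the data link layer is implemented with linuxbridge, the network layer with iptables, route and similar tools, the transport layer with LBaaS (haproxy), and the application layer with LBaaS.
Network types
- Public network: communicates with external networks
- Management network: communication between the cloud hosts
- Storage network: for example iSCSI and GlusterFS
- Service network: the network used inside the virtual machines
These four networks can all be provided by a single NIC, or each can be provided by its own NIC.
Install Neutron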
[root@openstack-1 ~]# yum install -y openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge
Configure neutron
[root@openstack-1 ~]# vi /etc/neutron/neutron.conf
# connection = mysql://root:pass@127.0.0.1:3306/neutron
Change to
connection = mysql://neutron:neutron@192.168.0.206:3306/neutron
Create the neutron service
[root@openstack-1 ~]# source keystone-admin
[root@openstack-1 ~]# keystone user-create --name neutron --pass neutron
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | d59ce691fc51408cb1c1192b0f426f64 |
| name | neutron |
| username | neutron |
+----------+----------------------------------+
[root@openstack-1 ~]# keystone user-role-add --user neutron --tenant service --role admin
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Continue configuring neutron
[root@openstack-1 ~]# vi /etc/neutron/neutron.conf
[keystone_authtoken]
# auth_host = 127.0.0.1
# auth_port = 35357
# auth_protocol = http
# admin_tenant_name = %SERVICE_TENANT_NAME%
# admin_user = %SERVICE_USER%
# admin_password = %SERVICE_PASSWORD%
Change to
[keystone_authtoken]
auth_host = 192.168.0.206
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
# auth_strategy = noauth
Change to
auth_strategy = keystone
# api_paste_config = /usr/share/neutron/api-paste.ini
Change to
api_paste_config = /usr/share/neutron/api-paste.ini
# IP address of the RabbitMQ installation
# rabbit_host = localhost
# Password of the RabbitMQ server
# rabbit_password = guest
# Port where RabbitMQ server is running/listening
# rabbit_port = 5672
# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
# User ID used for RabbitMQ connections
# rabbit_userid = guest
# Location of a virtual RabbitMQ installation.
# rabbit_virtual_host = /
Change to
# IP address of the RabbitMQ installation
rabbit_host = 192.168.0.206
# Password of the RabbitMQ server
rabbit_password = guest
# Port where RabbitMQ server is running/listening
rabbit_port = 5672
# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672)
# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port'
# rabbit_hosts = localhost:5672
# User ID used for RabbitMQ connections
rabbit_userid = guest
# Location of a virtual RabbitMQ installation.
rabbit_virtual_host = /
# notify_nova_on_port_status_changes = False
Change to
notify_nova_on_port_status_changes = True
# notify_nova_on_port_data_changes = False
Change to
notify_nova_on_port_data_changes = True
# nova_url = http://127.0.0.1:8774/v2
Change to
nova_url = http://192.168.0.206:8774/v2
# nova_admin_username =
Change to
nova_admin_username = nova
# nova_admin_tenant_id =
Change to the id of the service tenant, as returned by keystone tenant-list
nova_admin_tenant_id = 78359fd9b227418ba3987eea0d22f291
# nova_admin_password =
Change to
nova_admin_password = nova
# nova_admin_auth_url =
Change to the keystone URL
nova_admin_auth_url = http://192.168.0.206:35357/v2.0
# debug = False
Change to
debug = True
# root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
Change to
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
This option is used for sudo
# core_plugin =
Change to
core_plugin = ml2
The core plugin is ml2
# service_plugins =
Change to
service_plugins = router,firewall,lbaas
# state_path = /var/lib/neutron
# lock_path = $state_path/lock
Uncomment these two as well
Configure neutron-ml2
[root@openstack-1 ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# type_drivers = local,flat,vlan,gre,vxlan
Change to
type_drivers = flat,vlan,gre,vxlan
# tenant_network_types = local
Change to
tenant_network_types = flat,vlan,gre,vxlan
# mechanism_drivers =
Change to
mechanism_drivers = openvswitch,linuxbridge
[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
Change to
[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
flat_networks = physnet1
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *
In linuxbridge, physnet1 corresponds to one NIC
# enable_security_group = True
Change to
enable_security_group = True
Configure linuxbridge
[root@openstack-1 ~]# vi /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
# network_vlan_ranges =
Change to
network_vlan_ranges = physnet1
# physical_interface_mappings =
Change to
physical_interface_mappings = physnet1:eth0
The physical NIC is eth0
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
Change to
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
The firewall driver
# enable_security_group = True
Change to
enable_security_group = True
Configure nova
[root@openstack-1 ~]# vi /etc/nova/nova.conf
#neutron_url=http://127.0.0.1:9696
Change to
neutron_url=http://192.168.0.206:9696
#neutron_admin_username=<None>
Change to
neutron_admin_username=neutron
#neutron_admin_password=<None>
Change to
neutron_admin_password=neutron
#neutron_admin_tenant_id=<None>
Change to
neutron_admin_tenant_id=78359fd9b227418ba3987eea0d22f291
#neutron_admin_tenant_name=<None>
Change to
neutron_admin_tenant_name=service
#neutron_admin_auth_url=http://localhost:5000/v2.0
Change to
neutron_admin_auth_url=http://192.168.0.206:5000/v2.0
#neutron_auth_strategy=keystone
Change to
neutron_auth_strategy=keystone
#network_api_class=nova.network.api.API
Change to
network_api_class=nova.network.neutronv2.api.API
This value, nova.network.neutronv2.api.API, points at the Python code that gets called; it lives in:
[root@openstack-1 ~]# ll /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py
-rw-r--r-- 1 root root 58018 Jul 1 2015 /usr/lib/python2.6/site-packages/nova/network/neutronv2/api.py
which contains
class API(base.Base):
    """API for interacting with the neutron 2.x API."""
    _sentinel = object()
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
Change to
firewall_driver=nova.virt.firewall.NoopFirewallDriver
nova has its own firewall and neutron has its own firewall as well; we use neutron's firewall to manage traffic and so on, and turn nova's firewall off.
#vif_driver=nova.virt.libvirt.vif.LibvirtGenericVIFDriver
Change to
vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
#linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
Change to
linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
#security_group_api=nova
Change to
security_group_api=neutron
Restart the nova services
[root@openstack-1 ~]# /etc/init.d/openstack-nova-api restart
Stopping openstack-nova-api: [ OK ]
Starting openstack-nova-api: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-conductor restart
Stopping openstack-nova-conductor: [ OK ]
Starting openstack-nova-conductor: [ OK ]
[root@openstack-1 ~]# /etc/init.d/openstack-nova-scheduler restart
Stopping openstack-nova-scheduler: [ OK ]
Starting openstack-nova-scheduler: [ OK ]
Create the neutron endpoint
[root@openstack-1 ~]# source keystone-admin
[root@openstack-1 ~]# keystone service-create --name neutron --type network
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | d75254fff7c544cba014cc7d49e7d7f6 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@openstack-1 ~]# keystone endpoint-create --service-id=$(keystone service-list | awk '/ network / {print $2}') --publicurl=http://192.168.0.206:9696 --internalurl=http://192.168.0.206:9696 --adminurl=http://192.168.0.206:9696
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://192.168.0.206:9696 |
| id | 5b91687bb3eb4e2e837f76f778474831 |
| internalurl | http://192.168.0.206:9696 |
| publicurl | http://192.168.0.206:9696 |
| region | regionOne |
| service_id | d75254fff7c544cba014cc7d49e7d7f6 |
+-------------+----------------------------------+
[root@openstack-1 ~]# keystone service-list
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
+----------------------------------+----------+----------+---------------------------+
| id | name | type | description |
+----------------------------------+----------+----------+---------------------------+
| a66638362d1d4f9c905fdc419e979a6f | glance | image | |
| f634a47ae9ac450f87e90d76ee8a4215 | keystone | identity | keystone identity service |
| d75254fff7c544cba014cc7d49e7d7f6 | neutron | network | |
| 20a727144a2849d9a73b2e19ee81d9bd | nova | compute | |
+----------------------------------+----------+----------+---------------------------+
Check each configuration file
nova.conf
[root@openstack-1 ~]# grep '^[a-z]' /etc/nova/nova.conf
rabbit_host=192.168.0.206
rabbit_port=5672
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
rpc_backend=rabbit
my_ip=192.168.0.206
state_path=/var/lib/nova
auth_strategy=keystone
instances_path=$state_path/instances
glance_host=$my_ip
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
neutron_url=http://192.168.0.206:9696
neutron_admin_username=neutron
neutron_admin_password=neutron
neutron_admin_tenant_id=78359fd9b227418ba3987eea0d22f291
neutron_admin_tenant_name=service
neutron_admin_auth_url=http://192.168.0.206:5000/v2.0
neutron_auth_strategy=keystone
security_group_api=neutron
lock_path=/var/lib/nova/tmp
compute_driver=libvirt.LibvirtDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
novncproxy_base_url=http://192.168.0.206:6080/vnc_auto.html
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=192.168.0.206
vnc_enabled=true
vnc_keymap=en-us
connection=mysql://nova:nova@192.168.0.206/nova
auth_host=192.168.0.206
auth_port=35357
auth_protocol=http
auth_uri=http://192.168.0.206:5000
auth_version=v2.0
admin_user=nova
admin_password=nova
admin_tenant_name=service
vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
neutron.conf
[root@openstack-1 ~]# grep '^[a-z]' /etc/neutron/neutron.conf
debug = True
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = ml2
service_plugins = router,firewall,lbaas
api_paste_config = /usr/share/neutron/api-paste.ini
auth_strategy = keystone
rabbit_host = 192.168.0.206
rabbit_password = guest
rabbit_port = 5672
rabbit_userid = guest
rabbit_virtual_host = /
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.0.206:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = 78359fd9b227418ba3987eea0d22f291
nova_admin_password = nova
nova_admin_auth_url = http://192.168.0.206:35357/v2.0
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
auth_host = 192.168.0.206
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
connection = mysql://neutron:neutron@192.168.0.206:3306/neutron
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
ml2_conf.ini
[root@openstack-1 ~]# grep '^[a-z]' /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = flat,vlan,gre,vxlan
mechanism_drivers = openvswitch,linuxbridge
flat_networks = physnet1
enable_security_group = True
linuxbridge_conf.ini
[root@openstack-1 ~]# grep '^[a-z]' /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
network_vlan_ranges = physnet1
physical_interface_mappings = physnet1:eth0
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True
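An audit pass over the four listings above, as an added example that is not part of the original post or of OpenStack: it reads the flattened key=value output of grep '^[a-z]' and flags the lab-style settings visible on this page (passwords equal to the account name, plaintext HTTP endpoints, AMQP without TLS, VNC listening on every interface, debug logging) so they are reviewed before the files are reused elsewhere. The sample strings are constructed from values shown on this page, the finding labels are made up for this example, and it assumes Python 3 on the workstation where the check is run.

```python
from urllib.parse import urlsplit

# Constructed samples: subsets of the `grep '^[a-z]'` listings shown above.
NOVA_SAMPLE = """\
rabbit_host=192.168.0.206
rabbit_use_ssl=false
rabbit_userid=guest
rabbit_password=guest
vncserver_listen=0.0.0.0
connection=mysql://nova:nova@192.168.0.206/nova
auth_protocol=http
auth_uri=http://192.168.0.206:5000
admin_user=nova
admin_password=nova
neutron_admin_username=neutron
neutron_admin_password=neutron
"""

NEUTRON_SAMPLE = """\
debug = True
rabbit_userid = guest
rabbit_password = guest
nova_admin_username = nova
nova_admin_password = nova
admin_user = neutron
admin_password = neutron
connection = mysql://neutron:neutron@192.168.0.206:3306/neutron
"""

# (user-name option, password option) pairs that appear in the files above.
CREDENTIAL_PAIRS = [
    ("rabbit_userid", "rabbit_password"),
    ("admin_user", "admin_password"),
    ("neutron_admin_username", "neutron_admin_password"),
    ("nova_admin_username", "nova_admin_password"),
]


def parse_flat(text):
    """Return [(key, value)] for key=value lines; blanks and comments skipped."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        pairs.append((key.strip(), value.strip()))
    return pairs


def audit(text):
    """Return [(option, label)] for every setting that deserves a review."""
    conf = dict(parse_flat(text))  # section names are already lost in grep output
    findings = []
    for user_key, pass_key in CREDENTIAL_PAIRS:
        if pass_key in conf and conf[pass_key] == conf.get(user_key):
            findings.append((pass_key, "password-equals-username"))
    for key, value in sorted(conf.items()):
        low = value.lower()
        if key.endswith("connection") and "://" in value:
            parts = urlsplit(value)  # user and password are embedded in the URL
            if parts.password and parts.password == parts.username:
                findings.append((key, "db-password-equals-username"))
        elif low.startswith("http://") or (key == "auth_protocol" and low == "http"):
            findings.append((key, "plaintext-http"))
        elif key == "rabbit_use_ssl" and low == "false":
            findings.append((key, "amqp-without-tls"))
        elif key.endswith("_listen") and value == "0.0.0.0":
            findings.append((key, "listens-on-all-interfaces"))
        elif key == "debug" and low == "true":
            findings.append((key, "debug-logging-enabled"))
    return findings


def report(name, text):
    """Format the findings for one file as printable lines."""
    return ["%s: %s -> %s" % (name, key, label) for key, label in audit(text)]


if __name__ == "__main__":
    lines = report("nova.conf", NOVA_SAMPLE) + report("neutron.conf", NEUTRON_SAMPLE)
    print("\n".join(lines))
```

To audit the real files, pass the output of the grep commands above to audit() instead of the constructed samples.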
Test by starting it in the foreground
[root@openstack-1 ~]# neutron-server --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini --config-file=/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
2017-04-06 23:33:00.131 37544 INFO neutron.service [-] Neutron service started, listening on 0.0.0.0:9696
2017-04-06 23:33:00.156 37544 INFO neutron.wsgi [-] (37544) wsgi starting up on http://0.0.0.0:9696/
2017-04-06 23:33:00.168 37544 INFO neutron.openstack.common.rpc.common [-] Connected to AMQP server on 192.168.0.206:5672
You can see that it is listening on port 9696
Modify the init script
The default init script has some problems
[root@openstack-1 ~]# cp /etc/init.d/neutron-server /etc/init.d/neutron-server.why
[root@openstack-1 ~]# vi /etc/init.d/neutron-server
configs=(
"/usr/share/$prog/$prog-dist.conf" \
"/etc/$prog/$prog.conf" \
"/etc/$prog/plugin.ini" \
)
Change to
configs=(
"/etc/neutron/neutron.conf" \
"/etc/neutron/plugins/ml2/ml2_conf.ini" \
"/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini" \
)
Start the service
[root@openstack-1 ~]# /etc/init.d/neutron-server start
Starting neutron: [ OK ]
/etc/init.d/neutron-linuxbridge-agent needs the same change
[root@openstack-1 ~]# cp /etc/init.d/neutron-linuxbridge-agent /etc/init.d/neutron-linuxbridge-agent.why
[root@openstack-1 ~]# vi /etc/init.d/neutron-linuxbridge-agent
[root@openstack-1 ~]# !$ start
/etc/init.d/neutron-linuxbridge-agent start
Starting neutron-linuxbridge-agent: [ OK ]
[root@openstack-1 ~]# neutron agent-list
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| c7645f51-8948-4719-b880-f0b2ff885427 | Linux bridge agent | openstack-1.whysdomain.com | :-) | True |
+--------------------------------------+--------------------+----------------------------+-------+----------------+
Install neutron on node 2
The second node needs it installed as well
[root@openstack-2 ~]# yum install -y openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge
Copy the configuration files from the first node
[root@openstack-1 ~]# scp /etc/nova/nova.conf 192.168.0.207:/etc/nova/
[root@openstack-1 ~]# scp /etc/neutron/neutron.conf 192.168.0.207:/etc/neutron/
[root@openstack-1 ~]# scp /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini 192.168.0.207:/etc/neutron/plugins/linuxbridge/
[root@openstack-1 ~]# scp /etc/neutron/plugins/ml2/ml2_conf.ini 192.168.0.207:/etc/neutron/plugins/ml2/
[root@openstack-1 ~]# scp /etc/init.d/neutron-* 192.168.0.207:/etc/init.d/
Change the VNC IP address in /etc/nova/nova.conf
[root@openstack-2 ~]# vi /etc/nova/nova.conf
vncserver_proxyclient_address=192.168.0.207
Restart the service
[root@openstack-2 ~]# /etc/init.d/openstack-nova-compute restart
Stopping openstack-nova-compute: [ OK ]
Starting openstack-nova-compute: [ OK ]
Start the services
[root@openstack-2 ~]# /etc/init.d/neutron-server start
Starting neutron: [ OK ]
[root@openstack-2 ~]# /etc/init.d/neutron-linuxbridge-agent start
Starting neutron-linuxbridge-agent: [ OK ]
View the neutron services
On node 1 both hosts are visible
[root@openstack-1 ~]# neutron agent-list
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+--------------------------------------+--------------------+----------------------------+-------+----------------+
| 3f4c481e-c3da-40e4-a9af-9387174b3f37 | Linux bridge agent | openstack-2.whysdomain.com | :-) | True |
| c7645f51-8948-4719-b880-f0b2ff885427 | Linux bridge agent | openstack-1.whysdomain.com | :-) | True |
+--------------------------------------+--------------------+----------------------------+-------+----------------+
Installing openstack-dashboard
Download openstack-dashboard
[root@openstack-1 ~]# yum install -y httpd mod_wsgi memcached python-memcached openstack-dashboard
Start memcached
[root@openstack-1 ~]# /etc/init.d/memcached start
Starting memcached: [ OK ]
Configure openstack-dashboard
[root@openstack-1 ~]# vim /etc/openstack-dashboard/local_settings
# CACHES = {
#    'default': {
#        'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
#        'LOCATION' : '127.0.0.1:11211',
#    }
#}
Uncomment this block so that it reads
CACHES = {
    'default': {
        'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION' : '127.0.0.1:11211',
    }
}
OPENSTACK_HOST = "127.0.0.1"
Change it to the IP address of keystone
OPENSTACK_HOST = "192.168.0.206"
ALLOWED_HOSTS = ['horizon.example.com', 'localhost']
Change it to
ALLOWED_HOSTS = ['horizon.example.com', 'localhost','192.168.0.206']
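The three hand edits above can also be scripted so they are repeatable. This is an added example, not part of the original post: `configure_dashboard` and `sample_local_settings` are hypothetical names, and the sample file is constructed from only the lines this section shows, so a real `local_settings` will contain more.

```shell
#!/bin/sh
# Constructed sample: only the local_settings lines this section edits.
sample_local_settings() {
    cat <<'EOF'
# CACHES = {
#    'default': {
#        'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
#        'LOCATION' : '127.0.0.1:11211',
#    }
#}
OPENSTACK_HOST = "127.0.0.1"
ALLOWED_HOSTS = ['horizon.example.com', 'localhost']
EOF
}

# configure_dashboard FILE IP (hypothetical helper): apply the three edits.
# Re-running it leaves an already edited file unchanged.
configure_dashboard() {
    file=$1
    tmp=$(mktemp) || return 1
    awk -v ip="$2" -v q="'" '
        # 1. Uncomment the memcached CACHES block, tracking brace depth so the
        #    inner closing brace does not end the block early.
        /^#[ ]*CACHES = [{]/ { in_block = 1 }
        in_block {
            sub(/^# ?/, "")
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) in_block = 0
            print; next
        }
        # 2. Point the dashboard at the keystone host.
        /^OPENSTACK_HOST[ ]*=/ { print "OPENSTACK_HOST = \"" ip "\""; next }
        # 3. Add the address to the Django Host-header allow-list, once.
        /^ALLOWED_HOSTS[ ]*=/ && index($0, q ip q) == 0 { sub(/\][ ]*$/, "," q ip q "]") }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a scratch copy of the constructed sample.
demo=$(mktemp) && sample_local_settings > "$demo" &&
    configure_dashboard "$demo" 192.168.0.206 && cat "$demo"
rm -f "$demo"
```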
Create a network
[root@openstack-1 ~]# neutron net-create --tenant-id 8f3a33c020c445a395d203d711b2b145 flat_net --shared --provider:network_type flat --provider:physical_network physnet1
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 30f426df-c7c7-4e98-a894-c2a27e792e09 |
| name | flat_net |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenant_id | 8f3a33c020c445a395d203d711b2b145 |
+---------------------------+--------------------------------------+
[root@openstack-1 ~]# neutron net-list
+--------------------------------------+----------+---------+
| id | name | subnets |
+--------------------------------------+----------+---------+
| 30f426df-c7c7-4e98-a894-c2a27e792e09 | flat_net | |
+--------------------------------------+----------+---------+
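Open the dashboard in a browser at http://192.168.0.206/dashboard
Log in with the admin user created earlier; this is the Overview page of the System panel
The Hypervisors page lists the compute nodes with their host name, type (KVM is also shown as qemu) and some hardware information
The Images page shows the image uploaded earlier
The Networks page shows the network just created
Click it to see the network details
Create the subnet here
The created subnet is now listed
Under Project, select Instances
Launch the virtual machine and proceed
Check the bridged interfaces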
[root@openstack-2 ~]# ifconfig
brq30f426df-c7 Link encap:Ethernet HWaddr 00:0C:29:1B:07:C2
inet addr:192.168.0.207 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::4056:25ff:fe90:d6e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2491 errors:0 dropped:0 overruns:0 frame:0
TX packets:2747 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:588108 (574.3 KiB) TX bytes:675936 (660.0 KiB)
eth0 Link encap:Ethernet HWaddr 00:0C:29:1B:07:C2
inet6 addr: fe80::20c:29ff:fe1b:7c2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:220187 errors:0 dropped:0 overruns:0 frame:0
TX packets:143149 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:141843749 (135.2 MiB) TX bytes:24673547 (23.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:169253 errors:0 dropped:0 overruns:0 frame:0
TX packets:169253 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8886687 (8.4 MiB) TX bytes:8886687 (8.4 MiB)
tapd8458bd7-c4 Link encap:Ethernet HWaddr FE:16:3E:7C:01:29
inet6 addr: fe80::fc16:3eff:fe7c:129/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1464 (1.4 KiB) TX bytes:4376 (4.2 KiB)
virbr0 Link encap:Ethernet HWaddr 52:54:00:B3:EB:5B
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
[root@openstack-2 ~]# brctl show
bridge name bridge id STP enabled interfaces
brq30f426df-c7 8000.000c291b07c2 no eth0
tapd8458bd7-c4
virbr0 8000.525400b3eb5b yes virbr0-nic
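The successfully created instance is now visible
Known bug
The FloatingIpManager class is missing the is_supported method. This is a bug, and it can be worked around by editing the file by hand.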
[root@openstack-1 ~]# vim /usr/share/openstack-dashboard/openstack_dashboard/api/neutron.py
Under class FloatingIpManager
    def is_simple_associate_supported(self):
        # NOTE: There are two reason that simple association support
        # needs more considerations. (1) Neutron does not support the
        # default floating IP pool at the moment. It can be avoided
        # in case where only one floating IP pool exists.
        # (2) Neutron floating IP is associated with each VIF and
        # we need to check whether such VIF is only one for an instance
        # to enable simple association support.
        return False
    # At the very bottom of this class, add the method below; mind the indentation.
    def is_supported(self):
        network_config = getattr(settings, 'OPENSTACK_NEUTRON_NETWORK', {})
        return network_config.get('enable_router', True)
Then restart the httpd service
[root@openstack-1 ~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
If the instance console does not display, check the following
[root@openstack-1 ~]# ss -nlpt | grep 6080
[root@openstack-1 ~]# /etc/init.d/openstack-nova-novncproxy status
openstack-nova-novncproxy dead but pid file exists
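If you see the two conditions above, it is because the websockify version is too low, and upgrading websockify fixes it (in the pip run below, 0.5.1 replaces the installed 0.6.0)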
[root@openstack-1 ~]# pip install websockify==0.5.1
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
You are using pip version 7.1.0, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting websockify==0.5.1
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Downloading websockify-0.5.1.tar.gz (833kB)
100% |████████████████████████████████| 835kB 43kB/s
Requirement already satisfied (use --upgrade to upgrade): numpy in /usr/lib64/python2.6/site-packages (from websockify==0.5.1)
Installing collected packages: websockify
Found existing installation: websockify 0.6.0
Uninstalling websockify-0.6.0:
Successfully uninstalled websockify-0.6.0
Running setup.py install for websockify
Successfully installed websockify-0.5.1
Enable kernel IP forwarding on the compute node
[root@openstack-2 ~]# vi /etc/sysctl.conf
[root@openstack-2 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
Configure the IP address of the launched instance
[root@openstack-1 ~]# ping 192.168.0.212
PING 192.168.0.212 (192.168.0.212) 56(84) bytes of data.
64 bytes from 192.168.0.212: icmp_seq=1 ttl=64 time=0.874 ms
64 bytes from 192.168.0.212: icmp_seq=2 ttl=64 time=0.602 ms
^C
--- 192.168.0.212 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1408ms
rtt min/avg/max/mdev = 0.602/0.738/0.874/0.136 ms
Where the created instance is stored
[root@openstack-2 ~]# ll /var/lib/nova/instances/
total 16
drwxr-xr-x. 2 nova nova 4096 Apr 7 02:47 4f595ded-38ff-4e95-b8d4-ce68e6e387b1
drwxr-xr-x. 2 nova nova 4096 Apr 7 02:40 _base
-rw-r--r--. 1 nova nova 50 Apr 9 03:23 compute_nodes
drwxr-xr-x. 2 nova nova 4096 Apr 7 02:40 locks
[root@openstack-2 ~]# tree /var/lib/nova/instances/
/var/lib/nova/instances/
├── 4f595ded-38ff-4e95-b8d4-ce68e6e387b1
│ ├── console.log
│ ├── disk
│ ├── disk.info
│ └── libvirt.xml
├── _base
│ └── 6dcdd0e8b408cdf13c44835384f04b2d2c4036ee
├── compute_nodes
└── locks
├── nova-6dcdd0e8b408cdf13c44835384f04b2d2c4036ee
└── nova-storage-registry-lock
3 directories, 8 files
4f595ded-38ff-4e95-b8d4-ce68e6e387b1 is exactly the ID of our instance
The OpenStack deployment is complete.