OpenStack Grizzly版本(Ubuntu 12.04)配置

1.     我们在一天VMware虚拟机上(双网卡)使用Ubuntu 12.04.1 和 OpenVSwitch 1.4.6 来搭建OpenStack的Grizzly版本的平台。 由于OpenVSwitch的版本对Ubuntu系统的内核版本有依赖,建议在安装前请确认二者之间是否兼容。无论是在物理机器中还是VMware 中配置,都需要开启CPU 的虚拟化(Intel VT-x/EPT 或AMD-V/RVI(V)。

需要注意的是:在以下对配置文件的修改过程中,每一个配置行前都不能留空格,以免引起不必要的错误!!!

2.     为了提高Ubuntu 12.04.1的更新速度,将163的源加入/etc/apt/sources.list中。

3.     添加OpenStack Grizzly版本的库:

 

安装:apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring

# cat > /etc/apt/sources.list.d/grizzly.list << _EOF_

deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main

deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/grizzly main

_EOF_

更新软件源和软件:apt-get update; apt-get upgrade

 

4. 安装ssh-server:

apt-get install openssh-server

 

5. 禁用network-manager:

/etc/init.d/NetworkManager stop

 

6. 安装mysql

apt-get install -y mysql-server python-mysqldb

修改mysql的配置文件/etc/mysql/my.cnf:

sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf

# sed -i '44 i skip-name-resolve' /etc/mysql/my.cnf 禁止mysql做域名解析,防止连接mysql出现错误和远程连接mysql慢的现象

在my.cnf中添加:

[client]

default-character-set=utf8

[mysqld]

#default-storage-engine=INNODB

character-set-server=utf8

collation-server=utf8_general_ci

重启mysql服务:
/etc/init.d/mysql restart

7. 安装rabbitMQ

apt-get install -y rabbitmq-server

 

8. 安装NTP服务:

apt-get install -y ntp

 

9. 安装keystone

apt-get install -y keystone

在mysql中创建keystone数据库,并授权用户keystone访问:

# mysql -uroot -p

mysql> create database keystone;

mysql> grant all on keystone.* to 'keystone'@'%' identified by 'keystone';

mysql> flush privileges; quit;

修改/etc/keystone/keystone.conf中的数据库连接:

connection = mysql://keystone:keystone@172.15.0.111/keystone

重启keystone和同步数据库:

service keystone restart

keystone-manage db_sync

 

修改如下两个文件的权限:

chmod +x keystone_basic.sh

chmod +x keystone_endpoints_basic.sh

运行这两个脚本:

./keystone_basic.sh

./keystone_endpoints_basic.sh

创建一个凭证文件:

# cat > /root/creds.sh << _EOF_

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=password

export OS_AUTH_URL="http://172.15.0.111:5000/v2.0/"

_EOF_

# echo 'source /root/creds.sh' >> /root/.bashrc

# source /root/creds.sh

 

10. 安装glance:

apt-get install -y glance

创建glance数据库:

#mysql -uroot -p

mysql> create database glance;

mysql> grant all on glance.* to 'glance'@'%' identified by 'glance';

mysql> flush privileges; quit;

 

修改 /etc/glance/glance-api-paste.ini:

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

delay_auth_decision = true

auth_host = 172.15.0.111

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = glance

admin_password = password

 

修改 /etc/glance/glance-registry-paste.ini:

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

auth_host = 172.15.0.111

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = glance

admin_password = password

 

修改/etc/glance/glance-api.conf:

sql_connection = mysql://glance:glance@172.15.0.111/glance

[paste_deploy]

flavor = keystone

修改/etc/glance/glance-registry.conf:

sql_connection = mysql://glance:glance@172.15.0.111/glance

[paste_deploy]

flavor = keystone

 

重启glance-api和glance-registry服务并同步数据库:

service glance-api restart; service glance-registry restart

glance-manage db_sync

service glance-api restart; service glance-registry restart

 

上传镜像,下载Cirros img作为测试使用:

# wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img

# glance image-create --name='cirros' --public --container-format=ovf --disk-format=qcow2 < ./cirros-0.3.0-x86_64-disk.img

查看刚才上传的镜像:

glance image-list

 

11.安装quantum

 

安装openVSwitch:

apt-get install -y openvswitch-switch openvswitch-datapath-dkms

创建网桥:

ovs-vsctl add-br br-int

ovs-vsctl add-br br-ex

ovs-vsctl add-port br-ex eth0 (将eth0加入br-ex)

手动配置网卡配置文件:

#vi /etc/network/interfaces

auto lo

iface lo inet loopback

 

auto eth0

iface eth0 inet manual

up ifconfig $IFACE 0.0.0.0 up

up ip link set $IFACE promisc on

down ip link set $IFACE promisc off

down ifconfig $IFACE down

 

auto br-ex

iface br-ex inet static

address 192.168.8.20

netmask 255.255.255.0

gateway 192.168.8.1

dns-nameservers 208.67.222.222

 

auto eth1

iface eth1 inet static

address 172.15.0.111

netmask 255.255.255.0

 

安装quantum和相关组件:

apt-get install -y quantum-server quantum-plugin-openvswitch quantum-plugin-openvswitch-agent dnsmasq quantum-dhcp-agent quantum-l3-agent

创建数据:

mysql -uroot -p

mysql> create database quantum;

mysql> grant all on quantum.* to 'quantum'@'%' identified by 'quantum';

mysql> flush privileges; quit;

查看quantum的相关组件是否运行:

cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i status; done

 

修改/etc/quantum/api-paste.ini:

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

auth_host = 172.15.0.111

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = quantum

admin_password = password

修改OVS plugin的配置文件/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini:

#Under the database section

[DATABASE]

sql_connection = mysql://quantum:quantum@172.15.0.111/quantum

#Under the OVS section

[OVS]

tenant_network_type = gre

tunnel_id_ranges = 1:1000

integration_bridge = br-int

tunnel_bridge = br-tun

local_ip = 172.15.0.111

enable_tunneling = True

#Firewall driver for realizing quantum security group function

[SECURITYGROUP]

firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

 

修改/etc/quantum/metadata_agent.ini:

# The Quantum user information for accessing the Quantum API.

auth_url = http://172.15.0.111:35357/v2.0

auth_region = RegionOne

admin_tenant_name = service

admin_user = quantum

admin_password = password

 

# IP address used by Nova metadata server

nova_metadata_ip = 127.0.0.1

 

# TCP Port used by Nova metadata server

nova_metadata_port = 8775

 

metadata_proxy_shared_secret = helloOpenStack

 

修改 /etc/quantum/quantum.conf:

[keystone_authtoken]

auth_host = 172.15.0.111

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = quantum

admin_password = password

signing_dir = /var/lib/quantum/keystone-signing

 

重启quantum的所有服务:

cd /etc/init.d/; for i in $( ls quantum-* ); do sudo service $i restart; done

service dnsmasq restart

 

 

12. 安装nova:

apt-get install nova-api nova-novncproxy novnc nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-compute nova-conductor

创建数据库:

# mysql -uroot -p

mysql> create database nova;

mysql> grant all on nova.* to 'nova'@'%' identified by 'nova';

mysql> flush privileges; quit;

 

查看nova所有服务的状态:

 

cd /etc/init.d/; for i in $( ls nova-* ); do service $i status; cd; done

 

修改配置文件/etc/nova/api-paste.ini:

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

auth_host = 172.15.0.111

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = nova

admin_password = password

signing_dirname = /tmp/keystone-signing-nova

# Workaround for http://bugs.launchpad.net/nova/+bug/1154809

auth_version = 2.0v

 

修改 /etc/nova/nova.conf文件:

[DEFAULT]

logdir=/var/log/nova

state_path=/var/lib/nova

lock_path=/var/lock/nova

verbose=True

api_paste_config=/etc/nova/api-paste.ini

compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler

rabbit_host=172.15.0.111

nova_url=http://172.15.0.111:8774/v1.1/

sql_connection=mysql://nova:nova@172.15.0.111/nova

root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf

# Auth

use_deprecated_auth=false

auth_strategy=keystone

 

# Imaging

glance_api_servers=172.15.0.111:9292

image_service=nova.image.glance.GlanceImageService 

# Vnc configuration 

novnc_enabled=true

novncproxy_base_url=http://192.168.8.20:6080/vnc_auto.html 

novncproxy_port=6080

vncserver_proxyclient_address=172.15.0.111

vncserver_listen=0.0.0.0

 

# Network settings

network_api_class=nova.network.quantumv2.api.API

quantum_url=http://172.15.0.111:9696

quantum_auth_strategy=keystone

quantum_admin_tenant_name=service

quantum_admin_username=quantum

quantum_admin_password=password

quantum_admin_auth_url=http://172.15.0.111:35357/v2.0

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver

#If you want Quantum + Nova Security groups

firewall_driver=nova.virt.firewall.NoopFirewallDriver

security_group_api=quantum

#If you want Nova Security groups only, comment the two lines above and uncomment line -1-.

#-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver

 

#Metadata

service_quantum_metadata_proxy = True

quantum_metadata_proxy_shared_secret = helloOpenStack

metadata_host = 172.15.0.111

metadata_listen = 127.0.0.1

metadata_listen_port = 8775

 

# Compute #

compute_driver=libvirt.LibvirtDriver

 

# Cinder #

volume_api_class=nova.volume.cinder.API

osapi_volume_listen_port=5900

 

修改/etc/nova/nova-compute.conf文件:

[DEFAULT]

libvirt_type= qemu #kvm主要配置在物理机器上,在vmware上应该配置为qemu

libvirt_ovs_bridge=br-int

libvirt_vif_type=ethernet

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver

libvirt_use_virtio_for_bridges=True

 

同步数据库:

nova-manage db sync

重启nova-*服务:

cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done

检查nova-*服务:

nova-manage service list

 

13. cinder安装

apt-get install cinder-api cinder-common cinder-scheduler cinder-volume python-cinderclient

创建数据库:

#mysql -uroot -p

mysql> create database cinder;

mysql> grant all on cinder.* to 'cinder'@'%' identified by 'cinder';

mysql> flush privileges; quit;

 

修改配置文件/etc/cinder/api-paste.ini:

[filter:authtoken]

paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory

service_protocol = http

service_host = 172.15.0.111

service_port = 5000

auth_host = 172.15.0.111

auth_port = 35357

auth_protocol = http

admin_tenant_name = service

admin_user = cinder

admin_password = password

signing_dir = /var/lib/cinder

 

修改配置文件/etc/cinder/cinder.conf:

[DEFAULT]

rootwrap_config=/etc/cinder/rootwrap.conf

sql_connection = mysql://cinder:cinder@172.15.0.111/cinder

api_paste_config = /etc/cinder/api-paste.ini

iscsi_helper=tgtadm

volume_name_template = volume-%s

volume_group = cinder-volumes

verbose = True

auth_strategy = keystone

state_path = /var/lib/cinder

lock_path = /var/lock/cinder

volume_dir = /var/lib/cinder/volumes

#osapi_volume_listen_port=5900

 

同步数据库:

cinder-manage db sync

重启cinder的服务:

cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; done

查看cinder的服务:

cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; done

 

14. 安装Horizon

apt-get -y install openstack-dashboard memcached

可以选择性删除OpenStack Ubuntu theme:

dpkg --purge openstack-dashboard-ubuntu-theme

修改memcached的监听地址:

# vi /etc/openstack-dashboard/local_settings.py

DEBUG = True

 

重启apache2和memcached服务:

service apache2 restart; service memcached restart

 

15. 创建网络

EXTERNAL_NET_ID=$(quantum net-create external_net1 --router:external=True | awk '/ id / {print $4}')

SUBNET_ID=$(quantum subnet-create external_net1 192.168.8.0/24 --name=external_subnet1 --gateway_ip 192.168.8.1 --enable_dhcp=False | awk '/ id / {print $4}')

 

修改组策略:

# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

 

16. 后续使用

 

posted @ 2014-08-19 19:29  purgiant  阅读(330)  评论(0编辑  收藏  举报