OpenStack Controller HA (2)
2014-06-02 18:10 陈尚华
3.安装openstack服务
3.1.安装配置qpid
(1).更新第三方yum源
# NOTE(review): all three release packages are fetched over plain http:// and installed in the same step.
# They presumably add yum repository definitions (and the keys later installs are checked against), so a
# tampered download would affect every package installed afterwards. Download first, verify the signature or
# checksum against a value obtained separately, then install; use https where the mirror offers it.
[root@controller01 ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@controller01 ~]# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
[root@controller01 ~]# yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-8.noarch.rpm
(2).安装配置qpid
[root@controller01 ~]# yum -y install mysql qpid-cpp-server memcached
[root@controller01 ~]# vi /etc/qpidd.conf
………………
# NOTE(review): auth=no turns off authentication on the qpid broker, so any host that can reach the
# broker port (5672 in the nova.conf below) can connect to the message bus the OpenStack services use.
# Either keep authentication enabled and give the services broker credentials, or make sure the port is
# reachable only from the controller and compute nodes.
auth=no
(3).启动qpid服务
[root@controller01 ~]# service qpidd start
[root@controller01 ~]# chkconfig qpidd on
3.2.安装配置keystone
(1).yum安装keystone
[root@controller01 ~]# yum -y install openstack-keystone
(2).配置keystone服务
# Keep a pristine copy, then strip comment lines and blank lines from the working config.
[root@controller01 ~]# cp -av /etc/keystone/keystone.conf /etc/keystone/keystone.conf_bak
[root@controller01 ~]# sed -i '/^#/d' /etc/keystone/keystone.conf
[root@controller01 ~]# sed -i '/^$/d' /etc/keystone/keystone.conf
# NOTE(review): the connection URL stores the database password in clear text, and here the password is
# the same as the user name. Treat keystone:keystone as a sample value and check that keystone.conf is
# not readable by other local users (the chown below sets the owner; the file mode is not shown).
[root@controller01 ~]# openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@mysqlserver/keystone
# NOTE(review): admin_token is a static shared secret; this guide later exports it as SERVICE_TOKEN and uses
# it to create the first tenant and user, i.e. it is accepted before any account exists. Generate a fresh
# random value for each deployment (for example with `openssl rand -hex 10`) instead of reusing this one.
[root@controller01 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token c9d9d3ed3c12dd70ede7
[root@controller01 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT bind_host controller01
[root@controller02 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT bind_host controller02
# pki_setup creates the token-signing material under /etc/keystone/ssl; the scp copies that directory to
# controller02 so both controllers share it. The directory presumably includes the private signing key, so
# its permissions on controller02 deserve the same care as on controller01.
[root@controller01 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
[root@controller01 ~]# scp -r /etc/keystone/ssl root@controller02:/etc/keystone/
[root@controller02 ~]# touch /var/log/keystone/keystone.log
[root@controller01 ~]# chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
(3).同步keystone数据库
[root@controller01 ~]# keystone-manage db_sync
(4).启动keystone服务
[root@controller01 ~]# service openstack-keystone start
[root@controller01 ~]# chkconfig openstack-keystone on
(5).配置环境变量
[root@controller01 ~]# vi ~/.bash_profile
# NOTE(review): these lines put the admin password and the keystone admin token, in clear text, into
# root's login profile, so every root login shell and its child processes carry them in the environment.
# The values are the guide's samples; replace them, and consider a separate credentials file with
# restrictive permissions that is sourced only when needed.
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=password
# Both URLs are plain http, so the password and token cross the network unencrypted.
export OS_AUTH_URL=http://controller:5000/v2.0
# SERVICE_ENDPOINT / SERVICE_TOKEN are the bootstrap credentials (the token equals admin_token in
# keystone.conf). NOTE(review): they are only needed until the admin user exists; presumably they
# should be removed from the profile after step (6) - confirm against the client version in use.
export SERVICE_ENDPOINT=http://controller:35357/v2.0
export SERVICE_TOKEN=c9d9d3ed3c12dd70ede7
[root@controller01 ~]# source ~/.bash_profile
(6).创建user、定义services和endpoint
[root@controller01 ~]# keystone tenant-create --name=admin --description='Admin Tenant'
[root@controller01 ~]# keystone tenant-create --name=service --description='Service Tenant'
[root@controller01 ~]# keystone user-create --name=admin --pass=password --email=keystone@chensh.net
[root@controller01 ~]# keystone role-create --name=admin
[root@controller01 ~]# keystone user-role-add --user=admin --tenant=admin --role=admin
[root@controller01 ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
[root@controller01 ~]# mkdir /root/config
[root@controller01 ~]# vi /root/config/keystone-endpoint.sh
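#!/bin/bash
# Register the public, internal and admin endpoints of the Keystone identity
# service. Requires the keystone CLI and admin credentials in the environment.
# Kept POSIX-compatible because the guide runs this file with `sh`.
set -eu

# Host name that clients use to reach the controller.
my_ip=controller

# ID column of the service-list row(s) that mention "keystone".
service=$(keystone service-list | awk '/keystone/ {print $2}')

# Refuse to continue unless exactly one ID came back: an empty value would
# create an endpoint with a blank service ID, and several matches would be
# split into extra arguments.
# shellcheck disable=SC2086 -- whitespace splitting is intended here
set -- $service
if [ "$#" -ne 1 ]; then
  echo "keystone-endpoint.sh: expected exactly one keystone service ID, found $#" >&2
  exit 1
fi
service=$1

# NOTE(review): all three URLs are plain http, so tokens and passwords sent to
# these endpoints are unencrypted on the wire.
keystone endpoint-create \
  --service-id="$service" \
  --publicurl="http://$my_ip:5000/v2.0" \
  --internalurl="http://$my_ip:5000/v2.0" \
  --adminurl="http://$my_ip:35357/v2.0"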
[root@controller01 ~]# sh /root/config/keystone-endpoint.sh
(7).验证keystone
[root@controller01 ~]# keystone user-list
[root@controller01 ~]# keystone role-list
[root@controller01 ~]# keystone endpoint-list
3.3.安装配置glance
(1).yum安装glance
[root@controller01 ~]# yum -y install openstack-glance
(2).创建user、定义services和endpoint
[root@controller01 ~]# keystone user-create --name=glance --pass=service --email=glance@chensh.net
[root@controller01 ~]# keystone user-role-add --user=glance --tenant=service --role=admin
[root@controller01 ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
[root@controller01 ~]# vi /root/config/glance-endpoint.sh
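#!/bin/bash
# Register the public, internal and admin endpoints of the Glance image
# service. Requires the keystone CLI and admin credentials in the environment.
# Kept POSIX-compatible because the guide runs this file with `sh`.
set -eu

# Host name that clients use to reach the controller.
my_ip=controller

# ID column of the service-list row(s) that mention "glance".
service=$(keystone service-list | awk '/glance/ {print $2}')

# Refuse to continue unless exactly one ID came back: an empty value would
# create an endpoint with a blank service ID, and several matches would be
# split into extra arguments.
# shellcheck disable=SC2086 -- whitespace splitting is intended here
set -- $service
if [ "$#" -ne 1 ]; then
  echo "glance-endpoint.sh: expected exactly one glance service ID, found $#" >&2
  exit 1
fi
service=$1

# The same URL serves all three endpoint roles.
# NOTE(review): it is plain http, so tokens and image data sent to it are
# unencrypted on the wire.
image_url="http://$my_ip:9292"
keystone endpoint-create \
  --service-id="$service" \
  --publicurl="$image_url" \
  --internalurl="$image_url" \
  --adminurl="$image_url"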
[root@controller01 ~]# sh /root/config/glance-endpoint.sh
(3).定义glance配置文件
[root@controller01 ~]# cp -av /etc/glance/glance-api.conf /etc/glance/glance-api.conf_bak
[root@controller01 ~]# cp -av /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf_bak
[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-api.conf
[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-api.conf
[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-registry.conf
[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-registry.conf
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT bind_host controller01
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT registry_host controller01
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT rabbit_host controller01
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller01
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT bind_host controller01
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT bind_host controller02
[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT registry_host controller02
[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT rabbit_host controller02
[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller02
[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
[root@controller02 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT bind_host controller02
[root@controller02 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
[root@controller01 ~]# cp -av /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
[root@controller01 ~]# cp -av /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
[root@controller01 ~]# chown -R root:glance /etc/glance/glance-api-paste.ini
[root@controller01 ~]# chown -R root:glance /etc/glance/glance-registry-paste.ini
[root@controller01 ~]# cp -av /etc/glance/glance-api-paste.ini /etc/glance/glance-api-paste.ini_bak
[root@controller01 ~]# cp -av /etc/glance/glance-registry-paste.ini /etc/glance/glance-registry-paste.ini_bak
[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-api-paste.ini
[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-api-paste.ini
[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-registry-paste.ini
[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-registry-paste.ini
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host controller
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host controller
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance
[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password service
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT filesystem_store_datadir /openstack/glance/images
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT scrubber_datadir /openstack/glance/scrubber
[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT image_cache_dir /openstack/glance/image-cache
(4).修改glance数据文件
[root@controller01 ~]# cp -av /var/lib/glance /openstack/
[root@controller01 ~]# chown -R glance:glance /openstack/glance
(5).设置日志权限
[root@controller01 ~]# touch /var/log/glance/registry.log
[root@controller01 ~]# chown -R glance:glance /var/log/glance
(6).同步glance数据库
[root@controller01 ~]# glance-manage db_sync
(7).启动glance服务
[root@controller01 ~]# service openstack-glance-api start
[root@controller01 ~]# service openstack-glance-registry start
[root@controller01 ~]# chkconfig openstack-glance-api on
[root@controller01 ~]# chkconfig openstack-glance-registry on
(8).功能测试
[root@controller01 ~]# glance image-create --name=centos6.4_20G --disk-format=qcow2 --container-format=ovf --is-public=true < centos6.4_20G.qcow2
[root@controller01 ~]# glance image-list
3.4.安装配置nova
(1).yum安装nova
[root@controller01 ~]# yum -y install openstack-nova
(2).创建user、定义services和endpoint
[root@controller01 ~]# keystone user-create --name=nova --pass=service --email=nova@chensh.net
[root@controller01 ~]# keystone user-role-add --user=nova --tenant=service --role=admin
[root@controller01 ~]# keystone service-create --name=nova --type=compute --description="Nova Compute Service"
[root@controller01 ~]# vi /root/config/nova-user.sh
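#!/bin/sh
# Register the public, internal and admin endpoints of the Nova compute
# service. Requires the keystone CLI and admin credentials in the environment.
set -eu

# Host name that clients use to reach the controller.
my_ip=controller

# ID column of the service-list row(s) that mention "nova".
service=$(keystone service-list | awk '/nova/ {print $2}')

# Refuse to continue unless exactly one ID came back: an empty value would
# create an endpoint with a blank service ID, and several matches would be
# split into extra arguments.
# shellcheck disable=SC2086 -- whitespace splitting is intended here
set -- $service
if [ "$#" -ne 1 ]; then
  echo "nova-user.sh: expected exactly one nova service ID, found $#" >&2
  exit 1
fi
service=$1

# %(tenant_id)s is passed through literally; the quotes keep the shell from
# interpreting the parentheses. The same URL serves all three endpoint roles.
# NOTE(review): it is plain http, so tokens sent to it are unencrypted on the wire.
compute_url="http://$my_ip:8774/v2/%(tenant_id)s"
keystone endpoint-create \
  --service-id="$service" \
  --publicurl="$compute_url" \
  --internalurl="$compute_url" \
  --adminurl="$compute_url"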
[root@controller01 ~]# sh /root/config/nova-user.sh
(3).定义nova配置文件
[root@controller01 ~]# cp -av /etc/nova/nova.conf /etc/nova/nova.conf_bak
[root@controller01 ~]# sed -i '/^#/d' /etc/nova/nova.conf
[root@controller01 ~]# sed -i '/^$/d' /etc/nova/nova.conf
[root@controller01 ~]# vi /etc/nova/nova.conf
# nova.conf for controller01: the listen addresses below bind to this node, while
# "controller" is the shared name used for the other services.
[DEFAULT]
my_ip = 192.168.20.21
auth_strategy = keystone
state_path = /openstack/nova
verbose = True
allow_resize_to_same_host = true
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = controller
libvirt_type = kvm
glance_api_servers = controller:9292
#novncproxy_base_url = http://controller01:6080/vnc_auto.html
#vncserver_proxyclient_address = controller01
vnc_enabled = true
vnc_keymap = en-us
network_manager = nova.network.manager.FlatDHCPManager
# NOTE(review): NoopFirewallDriver applies no packet filtering on the host. With nova-network
# (FlatDHCPManager above) that presumably means the security-group rules added later in this guide
# are not enforced - confirm, and use an iptables-based firewall driver if they are meant to filter.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
multi_host = True
flat_interface = eth1
flat_network_bridge = br1
public_interface = eth0
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
notification_driver = nova.openstack.common.notifier.rpc_notifier
compute_scheduler_driver = nova.scheduler.simple.SimpleScheduler
ec2_listen = controller01
ec2_listen_port = 8773
osapi_compute_listen = controller01
osapi_compute_listen_port = 8774
metadata_listen = controller01
metadata_listen_port = 8775
novncproxy_host = controller01
vncserver_listen = controller01
novncproxy_port = 6080
qpid_hosts = controller01:5672,controller02:5672
memcached_servers = controller01:11211, controller02:11211
[hyperv]
[zookeeper]
[osapi_v3]
[conductor]
[keymgr]
[cells]
[database]
# NOTE(review): the database password is stored in clear text and equals the user name; treat
# nova:nova as a sample value and keep this file unreadable to other local users.
sql_connection = mysql://nova:nova@mysqlserver/nova
[image_file_url]
[baremetal]
[rpc_notifier2]
[matchmaker_redis]
[ssl]
[trusted_computing]
[upgrade_levels]
[matchmaker_ring]
[vmware]
[spice]
[keystone_authtoken]
# NOTE(review): token validation goes to keystone over plain http, and the nova service account uses
# the password "service", the same one this guide gives the glance account. Both accounts hold the
# admin role, so use a distinct, random password per service.
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
[root@controller02 ~]# vi /etc/nova/nova.conf
# nova.conf for controller02: same settings as the first controller except my_ip and the
# per-node listen addresses.
[DEFAULT]
my_ip = 192.168.20.22
auth_strategy = keystone
state_path = /openstack/nova
verbose = True
allow_resize_to_same_host = true
rpc_backend = nova.openstack.common.rpc.impl_qpid
qpid_hostname = controller
libvirt_type = kvm
glance_api_servers = controller:9292
#novncproxy_base_url = http://controller02:6080/vnc_auto.html
#vncserver_proxyclient_address = controller02
vnc_enabled = true
vnc_keymap = en-us
network_manager = nova.network.manager.FlatDHCPManager
# NOTE(review): NoopFirewallDriver applies no packet filtering on the host. With nova-network
# (FlatDHCPManager above) that presumably means security-group rules are not enforced - confirm,
# and use an iptables-based firewall driver if the groups are meant to filter traffic.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
multi_host = True
flat_interface = eth1
flat_network_bridge = br1
public_interface = eth0
instance_usage_audit = True
instance_usage_audit_period = hour
notify_on_state_change = vm_and_task_state
notification_driver = nova.openstack.common.notifier.rpc_notifier
compute_scheduler_driver = nova.scheduler.simple.SimpleScheduler
ec2_listen = controller02
ec2_listen_port = 8773
osapi_compute_listen = controller02
osapi_compute_listen_port = 8774
metadata_listen = controller02
metadata_listen_port = 8775
novncproxy_host = controller02
vncserver_listen = controller02
novncproxy_port = 6080
qpid_hosts = controller01:5672,controller02:5672
memcached_servers = controller01:11211, controller02:11211
[hyperv]
[zookeeper]
[osapi_v3]
[conductor]
[keymgr]
[cells]
[database]
# NOTE(review): clear-text database password that equals the user name; sample value only.
sql_connection = mysql://nova:nova@mysqlserver/nova
[image_file_url]
[baremetal]
[rpc_notifier2]
[matchmaker_redis]
[ssl]
[trusted_computing]
[upgrade_levels]
[matchmaker_ring]
[vmware]
[spice]
[keystone_authtoken]
# NOTE(review): plain-http token validation, and the service password "service" is the one this
# guide also gives the glance account; use a distinct, random password per service.
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
[root@controller01 ~]# vi /etc/nova/api-paste.ini
# Keystone credentials for nova's API pipeline; the page shows only these keys, not the section
# they belong to.
# NOTE(review): this is a second clear-text copy of the nova service password, and both the URL and
# auth_protocol use plain http. Keep api-paste.ini unreadable to other local users.
auth_url = http://controller:35357/v2.0
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_user = nova
admin_tenant_name = service
admin_password = service
(4).修改nova数据存储路径
[root@controller01 ~]# cp -av /var/lib/nova /openstack/
[root@controller01 ~]# chown -R nova:nova /openstack/nova
(5).同步nova数据库
[root@controller01 ~]# nova-manage db sync
(6).设置日志权限
[root@controller01 ~]# chown -R nova:nova /var/log/nova
(7).修正nova bug
[root@controller01 ~]# vi /usr/lib/python2.6/site-packages/nova/wsgi.py
Bug:https://review.openstack.org/#/c/60838/3/nova/wsgi.py
(8).启动nova相关服务
[root@controller01 ~]# service libvirtd start
[root@controller01 ~]# chkconfig libvirtd on
[root@controller01 ~]# service messagebus start
[root@controller01 ~]# chkconfig messagebus on
[root@controller01 ~]# service openstack-nova-api start
[root@controller01 ~]# service openstack-nova-cert start
[root@controller01 ~]# service openstack-nova-consoleauth start
[root@controller01 ~]# service openstack-nova-scheduler start
[root@controller01 ~]# service openstack-nova-conductor start
[root@controller01 ~]# service openstack-nova-novncproxy start
[root@controller01 ~]# service openstack-nova-network start
[root@controller01 ~]# chkconfig openstack-nova-api on
[root@controller01 ~]# chkconfig openstack-nova-cert on
[root@controller01 ~]# chkconfig openstack-nova-consoleauth on
[root@controller01 ~]# chkconfig openstack-nova-scheduler on
[root@controller01 ~]# chkconfig openstack-nova-conductor on
[root@controller01 ~]# chkconfig openstack-nova-novncproxy on
[root@controller01 ~]# chkconfig openstack-nova-network on
(9).设置安全组规则
# NOTE(review): 0.0.0.0/0 admits any source address, so these rules allow SSH (tcp/22) and all ICMP
# to every instance in the "default" group from anywhere that can route to it. Narrow the CIDR to the
# management network where possible.
[root@controller01 ~]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
[root@controller01 ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
(10).nova功能测试
[root@controller01 ~]# nova image-list
[root@controller01 ~]# nova network-create vmnet --fixed-range-v4=10.1.1.0/24 --bridge=br1 --bridge-interface=eth1 --multi-host=T --dns1=202.106.0.20 --dns2=202.96.69.38
[root@controller01 ~]# nova boot --flavor 2 --image centos6.4_20G vm-00