Openstack 安装命令备忘录
OpenStack安装(兼容Openstack-havana 2013.2-1.el6)
我从Openstack官方文档中记录下了实际使用的安装命令。预计的环境是CentOS6.4(最小安装),实例卷使用NFS环境。
1. 本地设置
MySQL 是一个开源的关系型数据库管理系统,常用于各种 Web 应用程序的数据存储和管理。
请在下载后进行本地安装。
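# Install the locally downloaded MySQL 5.6.14 RPMs, then start the server
# and enable it at boot.
# NOTE(review): the original listed the MySQL-server RPM twice; the repeat is
# dropped here. If a different package was meant (unknown from this page),
# add it back explicitly.
yum localinstall MySQL-shared-compat-5.6.14-1.linux_glibc2.5.x86_64.rpm
yum localinstall MySQL-server-5.6.14-1.linux_glibc2.5.x86_64.rpm
yum localinstall MySQL-client-5.6.14-1.linux_glibc2.5.x86_64.rpm
service mysql start
chkconfig mysql on
# Interactive hardening: set the root password, remove anonymous users and
# the test database, and disable remote root login. Do not skip this step;
# every OpenStack service database below lives on this server.
mysql_secure_installation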
安装存储库
# Install the RDO (OpenStack Havana) and EPEL release packages, which add
# the yum repositories used by every later "yum install" on this page.
# NOTE(review): both RPMs are fetched over plain HTTP. A tampered release
# package would be trusted for all subsequent installs, so prefer an HTTPS
# mirror or verify the RPM signature/checksum before installing.
yum install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm
yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
安装Openstack-util,Apache Qpid。
# openstack-utils supplies the openstack-config / openstack-db helpers used
# throughout the rest of this page.
yum install openstack-utils
# qpid-cpp-server is the message broker (qpidd); memcached backs the
# dashboard cache configured in section 5.
# NOTE(review): memcached has no authentication; confirm it only listens on
# 127.0.0.1, which is the address the dashboard settings below point at.
yum -y install qpid-cpp-server memcached
qpid 配置
# Edit the broker configuration and set the line shown below.
vi /etc/qpidd.conf
# auth=no turns off broker authentication: any host that can reach the
# qpidd port can publish and consume the OpenStack RPC messages.
# NOTE(review): only acceptable on an isolated management network. Otherwise
# keep authentication enabled and set qpid_username / qpid_password in the
# service configuration files, and firewall the broker port to OpenStack nodes.
auth=no
service qpidd start
chkconfig qpidd on
2. 安装 Keystone(身份服务)
# Install the Identity service and its command-line client.
yum install openstack-keystone python-keystoneclient
数据库配置
# Point Keystone at its MySQL database and initialise that database.
# The connection URL embeds the database credentials (user "keystone",
# password "keystone"). The password here equals the service name and is a
# placeholder: choose a strong, unique value and use the same one in both
# commands.
# NOTE(review): the password is stored in clear text in keystone.conf;
# confirm the file is not world-readable.
openstack-config --set /etc/keystone/keystone.conf \
sql connection mysql://keystone:keystone@localhost/keystone
openstack-db --init --service keystone --password keystone
生成管理令牌
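# Generate the Keystone bootstrap admin token (10 random bytes, hex encoded).
# Anyone holding this token has full administrative access to Keystone, so
# treat it like a root password.
ADMIN_TOKEN=$(openssl rand -hex 10)
# Shown once so it can be noted down; this also puts the secret into the
# terminal scrollback and any session log.
printf '%s\n' "$ADMIN_TOKEN"
openstack-config --set /etc/keystone/keystone.conf DEFAULT \
  admin_token "$ADMIN_TOKEN"
# Create the PKI keys and certificates Keystone uses to sign tokens.
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# Hand the config tree and the log file to the keystone service account.
# NOTE(review): keystone.conf now contains the admin token and the database
# password; confirm its mode does not allow other users to read it.
chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log
service openstack-keystone start
chkconfig openstack-keystone on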
定义用户、租户和角色
# Authenticate the keystone client with the bootstrap admin token against
# the admin API endpoint (port 35357). openstack_host is a placeholder for
# the controller's host name.
# NOTE(review): the token stays in this shell's environment; unset
# OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT once bootstrapping is finished.
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://openstack_host:35357/v2.0
keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
# --pass=admin is a placeholder. A password given on the command line is
# also recorded in shell history and visible in the process list.
keystone user-create --name=admin --pass=admin
keystone role-create --name=admin
# NOTE(review): no "keystone user-role-add" for the admin user appears on
# this page; confirm the admin user is actually bound to the admin role in
# the admin tenant.
为身份服务创建一个服务条目。
# Register Keystone itself in the service catalog and publish its endpoints.
keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
# above_display_sid is a placeholder for the service id printed by the
# service-create command above.
# NOTE(review): all three URLs are plain HTTP, so passwords and tokens cross
# the network unencrypted. Keep these endpoints on a trusted management
# network or put TLS in front of them.
keystone endpoint-create \
--service-id=above_display_sid \
--publicurl=http://openstack_host:5000/v2.0 \
--internalurl=http://openstack_host:5000/v2.0 \
--adminurl=http://openstack_host:35357/v2.0
3. 安装镜像服务(Glance)。
数据库配置
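# Point glance-api and glance-registry at the same MySQL database, then
# initialise it.
# The original registry URL read "localhost:/glance" (a stray colon with an
# empty port); it is aligned with the glance-api URL here.
# The password "glance" equals the service name and is a placeholder:
# replace it with a strong value in all three commands.
# NOTE(review): no "yum install openstack-glance" step appears on this page;
# presumably the package is already installed.
openstack-config --set /etc/glance/glance-api.conf \
  DEFAULT sql_connection mysql://glance:glance@localhost/glance
openstack-config --set /etc/glance/glance-registry.conf \
  DEFAULT sql_connection mysql://glance:glance@localhost/glance
openstack-db --init --service glance --password glance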
为图像服务创建一个用户条目。
# Create the glance service account and give it the admin role inside the
# "service" tenant.
# --pass=glance is a placeholder that equals the user name; it must match
# the admin_password written into the Glance configuration below.
keystone user-create --name=glance --pass=glance
keystone user-role-add --user=glance --tenant=service --role=admin
配置认证令牌(authtoken)
# Write the same keystone_authtoken settings into both Glance services:
# first glance-api.conf, then glance-registry.conf.
# admin_password is stored in clear text in each file and must match the
# password given to "keystone user-create --name=glance".
for conf in /etc/glance/glance-api.conf /etc/glance/glance-registry.conf; do
  openstack-config --set "$conf" keystone_authtoken auth_host openstack_host
  openstack-config --set "$conf" keystone_authtoken admin_user glance
  openstack-config --set "$conf" keystone_authtoken admin_tenant_name service
  openstack-config --set "$conf" keystone_authtoken admin_password glance
done
配置认证令牌(glance-api-paste)
# Copy the packaged paste pipelines into /etc/glance so they can be edited,
# then set the [filter:authtoken] section shown below in both files.
cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
vi /etc/glance/glance-api-paste.ini
vi /etc/glance/glance-registry-paste.ini
- [filter:authtoken]
# Keystone auth_token middleware settings for the Glance paste pipeline.
# NOTE(review): "controller" and "GLANCE_PASS" are placeholders that differ
# from the values used in the commands above (openstack_host / glance).
# Substitute the real host name and the glance account's actual password.
# The password is stored in clear text; restrict read access to this file.
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
admin_user=glance
admin_tenant_name=service
admin_password=GLANCE_PASS
为身份服务创建一个服务项。
# Register the Image service in the Keystone catalog.
keystone service-create --name=glance --type=image \
--description="Glance Image Service"
# above_display_sid is a placeholder for the id printed by service-create.
# NOTE(review): the endpoints are plain HTTP on port 9292; image data and
# tokens are sent unencrypted, so keep them on a trusted network.
keystone endpoint-create \
--service-id=above_display_sid \
--publicurl=http://openstack_host:9292 \
--internalurl=http://openstack_host:9292 \
--adminurl=http://openstack_host:9292
# Start both Glance daemons and enable them at boot.
service openstack-glance-api start
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
确认
# Smoke test: download the CirrOS test image and upload it to Glance.
mkdir images
cd images/
# NOTE(review): the image is fetched over plain HTTP with no integrity
# check. Compare its checksum with the value published by the image
# provider before uploading.
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
# --is-public=true makes the image available to every tenant, so an
# unverified image would be bootable by all users.
glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 \
--container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
4. 安装计算控制器服务
# Install the Compute services and the nova command-line client.
yum install openstack-nova python-novaclient
设定数据库
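# Point Nova at its MySQL database and initialise that database.
# The original passed "--password NOVA_DBPASS" to openstack-db while the
# connection URL used the password "nova"; with both taken literally the
# service could not log in. Both now use the same value.
# "nova" equals the service name and is a placeholder: replace it with a
# strong password in both commands.
openstack-config --set /etc/nova/nova.conf \
  database connection mysql://nova:nova@localhost/nova
openstack-db --init --service nova --password nova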
配置
# nova_ip_address is a placeholder for this host's IP address.
# NOTE(review): vncserver_listen and vncserver_proxyclient_address decide
# where instance consoles are reachable; use the management-network address
# rather than a publicly routed one.
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip nova_ip_address
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen nova_ip_address
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address nova_ip_address
为计算服务创建用户条目。
# Create the nova service account and give it the admin role inside the
# "service" tenant.
# --pass=nova is a placeholder that equals the user name; it must match
# admin_password in nova.conf.
keystone user-create --name=nova --pass=nova
keystone user-role-add --user=nova --tenant=service --role=admin
配置认证
# Make Nova authenticate API requests through Keystone using the nova
# service account created above.
# NOTE(review): the Glance steps on this page write these keys to the
# keystone_authtoken section, while here they go into DEFAULT; confirm which
# section this Nova release reads.
# admin_password is stored in clear text; restrict read access to nova.conf.
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT auth_host openstack_host
openstack-config --set /etc/nova/nova.conf DEFAULT admin_user nova
openstack-config --set /etc/nova/nova.conf DEFAULT admin_tenant_name service
openstack-config --set /etc/nova/nova.conf DEFAULT admin_password nova
修改启用的 API(enabled_apis),参见:https://bugs.launchpad.net/nova/+bug/1237334
# Edit nova.conf so that nova-api no longer serves the metadata API.
# The commented line below is the shipped default; the active line drops
# "metadata". A separate openstack-nova-metadata-api service is started
# later on this page.
vi /etc/nova/nova.conf
# a list of APIs to enable by default (list value)
#enabled_apis=ec2,osapi_compute,metadata
enabled_apis=ec2,osapi_compute
为身份服务创建一个服务条目。
# Register the Compute service in the Keystone catalog.
keystone service-create --name=nova --type=compute \
--description="Nova Compute service"
# The --service-id below is the literal id from the author's environment;
# substitute the id printed by service-create on your system.
# The host name here is openstack01, while earlier steps use the
# placeholder openstack_host; use one consistent controller name.
# The backslashes stop the shell from interpreting the parentheses in
# %(tenant_id)s.
# NOTE(review): the endpoints are plain HTTP; keep them on a trusted network.
keystone endpoint-create \
--service-id=cb15dabf3b164ddda40e74bc32bcbe85 \
--publicurl=http://openstack01:8774/v2/%\(tenant_id\)s \
--internalurl=http://openstack01:8774/v2/%\(tenant_id\)s \
--adminurl=http://openstack01:8774/v2/%\(tenant_id\)s
配置 qpid
# Use the Qpid broker on openstack01 for Nova's RPC traffic.
# NOTE(review): the broker was configured with auth=no earlier on this page,
# so no qpid_username / qpid_password is set here. Any host that can reach
# the broker can inject RPC messages unless the port is firewalled.
openstack-config --set /etc/nova/nova.conf \
DEFAULT rpc_backend nova.openstack.common.rpc.impl_qpid
openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname openstack01
# Start the controller-side Nova daemons, then enable each one at boot.
# Both passes use the same order: api, cert, consoleauth, scheduler,
# conductor, novncproxy.
for svc in api cert consoleauth scheduler conductor novncproxy; do
  service "openstack-nova-${svc}" start
done
for svc in api cert consoleauth scheduler conductor novncproxy; do
  chkconfig "openstack-nova-${svc}" on
done
配置一个计算节点
# Compute node: start libvirt and the system message bus, enable both at
# boot, then start nova-compute.
service libvirtd start
service messagebus start
chkconfig libvirtd on
chkconfig messagebus on
service openstack-nova-compute start
chkconfig openstack-nova-compute on
配置网络
# nova-network in FlatDHCP mode, with instance firewalling done by the
# libvirt iptables driver.
openstack-config --set /etc/nova/nova.conf DEFAULT \
network_manager nova.network.manager.FlatDHCPManager
openstack-config --set /etc/nova/nova.conf DEFAULT \
firewall_driver nova.virt.libvirt.firewall.IptablesFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT network_size 254
# With allow_same_net_traffic False, instances on the same network are not
# implicitly allowed to reach each other; access is governed by security
# group rules.
openstack-config --set /etc/nova/nova.conf DEFAULT allow_same_net_traffic False
openstack-config --set /etc/nova/nova.conf DEFAULT multi_host True
openstack-config --set /etc/nova/nova.conf DEFAULT send_arp_for_ha True
openstack-config --set /etc/nova/nova.conf DEFAULT share_dhcp_address True
openstack-config --set /etc/nova/nova.conf DEFAULT force_dhcp_release True
# eth1 serves as both the flat (instance) interface and the public
# interface; br100 is the bridge instances attach to.
# NOTE(review): confirm eth1 is not also the management interface.
openstack-config --set /etc/nova/nova.conf DEFAULT flat_interface eth1
openstack-config --set /etc/nova/nova.conf DEFAULT flat_network_bridge br100
openstack-config --set /etc/nova/nova.conf DEFAULT public_interface eth1
# Per-host metadata API and network service, as multi_host is enabled.
service openstack-nova-metadata-api start
chkconfig openstack-nova-metadata-api on
service openstack-nova-network start
chkconfig openstack-nova-network on
补充:重启 nova 各服务
# Restart the listed Nova daemons so they pick up the nova.conf changes.
# NOTE(review): the list omits "api" and "scheduler", and includes "console",
# which is not started anywhere else on this page; adjust as needed.
for svc in cert compute conductor console consoleauth metadata-api novncproxy network; do
  service "openstack-nova-${svc}" restart
done
创建nova-network
# Load client credentials from a local keystonerc file.
# NOTE(review): the file is not shown on this page; presumably it exports
# the OS_* credential variables. It holds a password in clear text, so keep
# it readable only by its owner.
source keystonerc
# Create the fixed network for instances on bridge br100, multi-host mode.
nova network-create vmnet --fixed-range-v4=10.0.0.0/24 \
--bridge-interface=br100 --multi-host=T
# Save the current ruleset to a file, then open the OpenStack API ports:
# 35357 (Keystone admin), 8774 (Nova), 9292 (Glance), 5000 (Keystone public).
# NOTE(review): -A appends to the end of INPUT. If the chain already ends in
# a catch-all REJECT/DROP rule, these rules are never reached; check with
# "iptables -L INPUT --line-numbers".
# NOTE(review): the rules accept connections from any source address.
# Restrict at least 35357 to the management network with a source match.
# NOTE(review): the rules are not persistent until saved with
# "service iptables save".
# Stopping iptables altogether, as the comment below offers, removes all
# host filtering and is not recommended.
# backup iptables (or stop iptables)
iptables-save > iptables-origin
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 35357 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 8774 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5000 -j ACCEPT
5. 安装仪表板
# Install the dashboard (Horizon) together with its cache and WSGI
# dependencies.
yum install memcached python-memcached python-pbr mod_wsgi openstack-dashboard
配置仪表板
vi /etc/openstack-dashboard/local_settings
- Memcache
# Store the dashboard's cache in the local memcached instance.
# NOTE(review): memcached has no authentication; confirm the daemon listens
# only on 127.0.0.1 so other hosts cannot read or alter cached data.
CACHES = {
'default': {
'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION' : '127.0.0.1:11211'
}
}
- Dashboard ACL
# Host names the dashboard may be served under. Django checks the HTTP Host
# header of each request against this list; it is not a client access list.
# 'my-desktop' is a placeholder: list the names users actually type to reach
# the dashboard, and avoid the wildcard '*'.
ALLOWED_HOSTS = ['localhost', 'my-desktop']
- Compute Node
# local_settings entry: host the dashboard contacts for the OpenStack APIs
# (placeholder name).
OPENSTACK_HOST = "openstack_host"
# Start Apache (serving the dashboard) and memcached, and enable both at
# boot.
# NOTE(review): the dashboard login is served over plain HTTP unless TLS is
# configured in Apache separately.
service httpd start
service memcached start
chkconfig httpd on
chkconfig memcached on
6. 安装并配置块存储服务控制器
# Install the Block Storage service, the config helpers and the SELinux
# policy package for OpenStack.
yum install openstack-cinder openstack-utils openstack-selinux
设定数据库
# Point Cinder at its MySQL database and initialise that database.
# The password "cinder" equals the service name and is a placeholder:
# replace it with a strong value in both commands. It is stored in clear
# text in cinder.conf.
openstack-config --set /etc/cinder/cinder.conf \
database connection mysql://cinder:cinder@localhost/cinder
openstack-db --init --service cinder --password cinder
为块存储服务创建用户入口。
# Create the cinder service account and give it the admin role inside the
# "service" tenant. --pass=cinder is a placeholder that equals the user name.
keystone user-create --name=cinder --pass=cinder
keystone user-role-add --user=cinder --tenant=service --role=admin
# Use the Qpid broker on openstack01 for Cinder's RPC traffic. No broker
# credentials are set, because the broker was configured with auth=no.
openstack-config --set /etc/cinder/cinder.conf \
DEFAULT rpc_backend cinder.openstack.common.rpc.impl_qpid
openstack-config --set /etc/cinder/cinder.conf \
DEFAULT qpid_hostname openstack01
为块存储服务创建一个服务入口。
# Register the Block Storage service and publish its v1 and v2 API endpoints.
keystone service-create --name=cinder --type=volume \
--description="Cinder Volume Service"
# above_display_sid is a placeholder for the id printed by service-create.
# NOTE(review): both endpoints are registered against the same service id;
# confirm that is intended for the v2 API.
# The endpoints are plain HTTP; keep them on a trusted network.
keystone endpoint-create \
--service-id=above_display_sid \
--publicurl=http://openstack01:8776/v1/%\(tenant_id\)s \
--internalurl=http://openstack01:8776/v1/%\(tenant_id\)s \
--adminurl=http://openstack01:8776/v1/%\(tenant_id\)s
keystone endpoint-create \
--service-id=above_display_sid \
--publicurl=http://openstack01:8776/v2/%\(tenant_id\)s \
--internalurl=http://openstack01:8776/v2/%\(tenant_id\)s \
--adminurl=http://openstack01:8776/v2/%\(tenant_id\)s
设置NFS
驱动程序(nova.conf)
# Edit nova.conf so libvirt can attach remote volumes. The entry relevant to
# this setup is nfs=...LibvirtNFSVolumeDriver; the others are listed
# alongside it.
# NOTE(review): the list also registers fake=...LibvirtFakeVolumeDriver;
# confirm it is needed outside of testing.
vi /etc/nova/nova.conf
# Libvirt handlers for remote volumes. (list value)
libvirt_volume_drivers=iscsi=nova.virt.libvirt.volume.LibvirtISCSIVolumeDriver,iser=nova.virt.libvirt.volume.LibvirtISERVolumeDriver,local=nova.virt.libvirt.volume.LibvirtVolumeDriver,fake=nova.virt.libvirt.volume.LibvirtFakeVolumeDriver,rbd=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,sheepdog=nova.virt.libvirt.volume.LibvirtNetVolumeDriver,nfs=nova.virt.libvirt.volume.LibvirtNFSVolumeDriver,aoe=nova.virt.libvirt.volume.LibvirtAOEVolumeDriver,glusterfs=nova.virt.libvirt.volume.LibvirtGlusterfsVolumeDriver,fibre_channel=nova.virt.libvirt.volume.LibvirtFibreChannelVolumeDriver,scality=nova.virt.libvirt.volume.LibvirtScalityVolumeDriver
磁盘列表
# List the NFS exports Cinder may use, one "host:/path" entry per line.
# NFS_STORAGE is a placeholder for the NFS server's name or address.
# NOTE(review): volume data on the share is protected only by the NFS
# export rules; restrict the export to the OpenStack nodes on the server.
vi /etc/cinder/shares
NFS_STORAGE:/openstack
挂载
# Edit cinder.conf: tell the NFS driver where the share list lives and
# under which directory the shares are mounted.
vi /etc/cinder/cinder.conf
- Disk list
# File with the list of available nfs shares (string value)
nfs_shares_config=/etc/cinder/shares
- Mount point
# Base dir containing mount points for nfs shares. (string
# value)
nfs_mount_point_base=/var/lib/cinder/nfs
创建rootwrap.d文件。
# Create the rootwrap filter directory and add the filter file shown below.
# The filters decide which commands the cinder account may run as root.
# NOTE(review): chgrp gives the cinder group ownership of the directory.
# Keep the directory and its files owned by root and not group-writable.
# Otherwise the cinder account could rewrite its own filters and run
# arbitrary commands as root.
mkdir -p /etc/cinder/rootwrap.d
chgrp -R cinder /etc/cinder/rootwrap.d
vi /etc/cinder/rootwrap.d/volume.filters
# Rootwrap filters for the Cinder NFS driver. Each entry lets the cinder
# service run the named binary as root.
# NOTE(review): CommandFilter matches only the executable, not its
# arguments, so chmod, rm and mount are permitted as root with any
# arguments. Treat a compromise of the cinder account as equivalent to root
# on this host.
[Filters]
# cinder/volume/nfs.py
stat: CommandFilter, /usr/bin/stat, root
mount: CommandFilter, /bin/mount, root
df: CommandFilter, /bin/df, root
truncate: CommandFilter, /usr/bin/truncate, root
chmod: CommandFilter, /bin/chmod, root
rm: CommandFilter, /bin/rm, root
# Start the Cinder API and scheduler and enable them at boot, then do the
# same for the volume service.
for svc in api scheduler; do
  service "openstack-cinder-${svc}" start
done
for svc in api scheduler; do
  chkconfig "openstack-cinder-${svc}" on
done
service openstack-cinder-volume start
chkconfig openstack-cinder-volume on