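OpenStack Enterprise Private Cloud in Practice (Notes)

Date: 2021-03-20 14:13:27

Course site: www.unixhot.com

2. OpenStack - Architecture overview and lab environment preparation



Storage falls into 3 types: file, block, object


Of all the services, nova accounts for the largest share


Linux install recommendations: 2 GB RAM / bridged NIC / English, basic install, all partitions allocated


Preparing Linux for cloning:
1. NIC address: vim /etc/sysconfig/network-scripts/ifcfg-eth0
Delete uuid and hwaddr (required for cloning)
ONBOOT=yes
IP:10.0.1.241


2. Disable two services
chkconfig iptables off   //disable iptables
chkconfig --list | grep iptables  //check


vim /etc/sysconfig/selinux
SELINUX=disabled


3. Delete the NIC rules
cd /etc/udev/rules.d/
rm -rf 70-persistent-net.rules     //this file stores the NIC MAC address


4. Change the kernel parameters: turn on IP forwarding
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1


5. Set up host name resolution
cat /etc/sysconfig/network  //confirm the hostname is correct
vim /etc/hosts   //edit the hosts file
10.0.1.241 openstack1.test.com
10.0.1.242 openstack2.test.com


Work on the second machine after cloning:
Change the IP
vim /etc/sysconfig/network   //change the hostname


6. Base packages
EPEL repository
Install EPEL on all controller, storage and compute nodes.
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm


Install on all OpenStack nodes. (One command; the lines are joined with spaces.)
[root@openstack-node1 ~]# yum install -y python-pip gcc gcc-c++ make libtool patch automake python-devel \
libxslt-devel MySQL-python openssl-devel libudev-devel git wget libvirt-python libvirt qemu-kvm gedit \
python-numdisplay device-mapper bridge-utils libffi-devel libffi lrzsz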




7. Download the source packages   (latest source packages: http://www.openstack.org/software)
[root@openstack-node1 ~]# cd /usr/local/src
[root@openstack-node1 src]#
wget https://launchpad.net/keystone/icehouse/2014.1.3/+download/keystone-2014.1.3.tar.gz
wget https://launchpad.net/nova/icehouse/2014.1.3/+download/nova-2014.1.3.tar.gz
wget https://launchpad.net/glance/icehouse/2014.1.3/+download/glance-2014.1.3.tar.gz
wget https://launchpad.net/horizon/icehouse/2014.1/+download/horizon-2014.1.tar.gz
wget https://launchpad.net/neutron/icehouse/2014.1.3/+download/neutron-2014.1.3.tar.gz
wget https://launchpad.net/cinder/icehouse/2014.1.3/+download/cinder-2014.1.3.tar.gz




Extract the packages
[root@openstack-node1 src]# tar zxf keystone-2014.1.3.tar.gz
[root@openstack-node1 src]# tar zxf nova-2014.1.3.tar.gz
[root@openstack-node1 src]# tar zxf glance-2014.1.3.tar.gz
[root@openstack-node1 src]# tar zxf neutron-2014.1.3.tar.gz
[root@openstack-node1 src]# tar zxf horizon-2014.1.3.tar.gz
[root@openstack-node1 src]# tar zxf cinder-2014.1.3.tar.gz


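8. Install the Python dependencies. For installing pip itself, see <<pip installation>>
[root@openstack-node1 src]# cat */requirements.txt | sort -n | uniq >> openstack.txt   //merge the requirements.txt of every directory into openstack.txt
[root@openstack-node1 src]# pip install -r openstack.txt -i http://pypi.v2ex.com/simple   //pip install; -i selects a mirror inside China

If you hit an error saying that 1.52 already exists, delete 1.52 and keep 1.60


Finally, run pip install -r openstack.txt again to check that everything is installed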


3. OpenStack - MySQL database and RabbitMQ messaging service


MySQL installation

yum -y install mysql-server     ;-server?

vim /etc/my.cnf     ;edit the configuration file

[mysqld]           ;add the following under this section
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
[root@linux-node1 ~]# chkconfig mysqld on   ;start at boot
[root@linux-node1 ~]# /etc/init.d/mysqld start  ;start now


At the mysql prompt:

show databases;     ;list the databases; there are 3 initially

create database keystone;   ;create the databases: keystone, glance, nova, neutron, cinder

grant all on keystone.* to keystone@'10.0.1.0/255.255.255.0' identified by 'keystone';



[root@linux-node1 ~]# mysqladmin -u root password openstack
[root@linux-node1 ~]# history -c




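Message queue (the traffic hub)
yum install -y erlang rabbitmq-server   ;install; written in Erlang, with native support for distribution  (yum method; it kept failing for me before because the base packages had not been installed)

Installation


Type python to check whether Python is installed


RabbitMQ is built on Erlang, so the Erlang environment has to be set up first.


  Installing the Erlang development environment on CentOS (run erl to check whether Erlang is already installed)
1.  yum groupinstall Base "Development Tools" "Perl Support"
2.  yum install gcc glibc-devel make ncurses-devel openssl-devel autoconf
3.  yum install unixODBC unixODBC-devel
3.  wget http://erlang.org/download/otp_src_R15B.tar.gz (latest: http://erlang.org/download/otp_src_17.4.tar.gz)
4.  tar xzf otp_src_R15B.tar.gz (any version will do; download one from the official site)
5.  cd otp_src_R14B04
6.  ./configure                            //Java is not used for the build, so leave it out to avoid errors:  --prefix=/home/erlang   --without-javac  (--prefix sets the install directory)
7.  make && make install
PS: (optional)
  1. Edit /etc/profile and add the environment variable below:
  2. #set erlang environment
  3. export PATH=$PATH:/usr/local/lib/erlang/bin
  4. source /etc/profile
    so that the change takes effect

  During installation, switch to the root user so that you do not run into permission problems. Btw: on a virtual machine, give the VM Internet access first; otherwise you are stuck downloading all those packages by hand.


With Erlang installed, move on to installing RabbitMQ-Server.

Main reference, the official documentation: http://www.rabbitmq.com/build-server.html

A reasonably recent Python version is required. Installation omitted.

simplejson is required. Download the latest version from: http://pypi.python.org/pypi/simplejson#downloads . The version I downloaded is simplejson-3.6.5.tar.gz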

$ tar xvzf simplejson-2.2.1.tar.gz
$ cd simplejson-2.2.1
$ python setup.py install



4. Install rabbitmq (this is the recommended method). Download from: http://www.rabbitmq.com/releases/rabbitmq-server/ rabbitmq-server-3.4.3-1.noarch.rpm

wget rabbitmq-server-3.1.5-1.noarch.rpm
rpm -ivh rabbitmq-server-3.1.5-1.noarch.rpm
Error encountered:
error: Failed dependencies:        erlang >= R12B-3 is needed by rabbitmq-server-2.8.2-1.noarch
rpm --nodeps -ivh rabbitmq-server-3.1.5-1.noarch.rpm
The installation then succeeded.
rabbitmq-server
Error encountered:
/usr/lib/rabbitmq/bin/rabbitmq-server: line 73: /var/lib/rabbitmq/mnesia/rabbit@vz129.pid: Permission denied
Change the owner:
chown -R rabbitmq:rabbitmq /var/lib/rabbitmq/
Access to a log file is refused in the same way; change it the same way.
If this error appears: /usr/lib/rabbitmq/bin/rabbitmq-server: line 50: erl: command not found
it is because Erlang was installed to a custom path that is not on the system PATH.
Add the following to the file named in the error:
export PATH=$PATH:/usr/local/lib/erlang/bin
Install and enable the web plugin: rabbitmq-plugins enable rabbitmq_management

# ps aux | grep rabbitmq //check the process; the default port is 5672

netstat -tnlp | grep 5672

tcp        0      0 0.0.0.0:15672              0.0.0.0:*                  LISTEN      30435/beam.smp     

tcp        0      0 0.0.0.0:55672              0.0.0.0:*                  LISTEN      30435/beam.smp     

tcp        0      0 :::5672                    :::*                        LISTEN      30435/beam.smp

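Open http://127.0.0.1:15672/ in a browser to log in to the management UI.  Username and password: guest


The rabbitmq web management UI cannot be logged in to as the guest user

After installing the latest rabbitmq (3.3.1) and enabling the management plugin, logging in to the management console with the default guest account reports a login failure.

The official release notes explain why: because the guest account has full privileges and is also the default account, for security reasons the guest user can only log in via localhost, and it is recommended to change the guest password and create other accounts for managing and using rabbitmq (this behaviour was introduced in version 3.3.0).

Although there is a rather hacky way around this: delete <<"guest">> from loopback_users in rabbit.app under the ebin directory
 and restart rabbitmq, after which the guest account can log in to the management console from any IP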
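
The release-notes recommendation above (change the guest password, create other accounts), as an added example that is not part of the original notes: a dedicated account is created with rabbitmqctl and guest stays loopback-only, so rabbit.app is not edited. The account name, vhost, tag and credential file path are caller-supplied assumptions.

```shell
#!/bin/sh
# Added example: give RabbitMQ a dedicated account and retire the guest password.
# Usage (assumed names): sh rabbit-user.sh --apply

gen_password() {
    # 32 hex characters read from the kernel CSPRNG
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# provision_rabbit_user USER VHOST TAG CREDFILE
provision_rabbit_user() {
    user=$1 vhost=$2 tag=$3 credfile=$4
    if [ -z "$user" ] || [ "$user" = "guest" ]; then
        echo "pick an account name other than guest" >&2
        return 2
    fi
    pass=$(gen_password)
    [ ${#pass} -eq 32 ] || return 1
    # Store the secret readable by its owner only, before it is used anywhere.
    ( umask 077 && printf '%s\n' "$pass" > "$credfile" ) || return 1
    rabbitmqctl add_user "$user" "$pass" || return 1
    # The "administrator" tag allows management-UI login; pass "" for a service account.
    if [ -n "$tag" ]; then
        rabbitmqctl set_user_tags "$user" "$tag" || return 1
    fi
    # configure / write / read permissions on the vhost
    rabbitmqctl set_permissions -p "$vhost" "$user" '.*' '.*' '.*' || return 1
    # guest keeps its loopback restriction and gets a random password that is not kept.
    rabbitmqctl change_password guest "$(gen_password)"
}

if [ "${1:-}" = "--apply" ]; then
    # mqadmin and the file path are assumed names for this example.
    provision_rabbit_user mqadmin / administrator /root/.rabbitmq-mqadmin
fi
```

The generated account and password then replace guest/guest wherever a service config sets rabbit_userid and rabbit_password.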






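Start at boot: chkconfig  rabbitmq-server on
Start: service rabbitmq-server start   or   /etc/init.d/rabbitmq-server start
Or change into /etc/init.d/ and run rabbitmq-server start


Installing rabbitmq from the source package:

*** Installing rabbitmq-server-3.1.5 on CentOS ***

In this section we look at how to install RabbitMQ on CentOS. The rabbitmq version used is rabbitmq-server-3.1.5.tar.gz and the CentOS version is CentOS 6.4.

The steps for installing rabbitmq are as follows:

Download rabbitmq-server-3.1.5.tar.gz and extract it: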

#cd /usr/local

#wget http://www.rabbitmq.com/releases/rabbitmq-server/v3.1.5/rabbitmq-server-3.1.5.tar.gz

#tar -xzvf rabbitmq-server-3.1.5.tar.gz

Before compiling the rabbitmq source, install the package it depends on:


#yum -y install xmlto

Otherwise the build fails:

/bin/sh: line 1: xmlto: command not found

Compile the source:


#cd rabbitmq-server-3.1.5

#make

#make install TARGET_DIR=/opt/mq/rabbitmq SBIN_DIR=/opt/mq/rabbitmq/sbin MAN_DIR=/opt/mq/rabbitmq/man        //install the built rabbitmq under /opt/mq/rabbitmq

 



***** Install the web management plugin *****

#cd /opt/mq/rabbitmq/sbin

#mkdir /etc/rabbitmq/

#./rabbitmq-plugins enable rabbitmq_management

-------------------------------------------


*** That is it: rabbitmq is now configured and can be started ***

Configure the hosts file

127.0.0.1  openstack1

 


#./rabbitmq-server start &

# ps aux | grep rabbitmq //check the process; the default port is 5672

netstat -tnlp | grep 5672

tcp        0      0 0.0.0.0:15672              0.0.0.0:*                  LISTEN      30435/beam.smp     

tcp        0      0 0.0.0.0:55672              0.0.0.0:*                  LISTEN      30435/beam.smp     

tcp        0      0 :::5672                    :::*                        LISTEN      30435/beam.smp

Open http://127.0.0.1:15672/ in a browser to log in to the management UI.  Username and password: guest


Starting rabbitmq at boot (source install)

Edit /etc/rc.d/rc.local and add:

/opt/mq/rabbitmq/sbin/rabbitmq-server start &


4. OpenStack - Identity service Keystone


Two core functions: user authentication and the service catalog

Concepts

Tenant: a tenant (for example, a customer renting from Alibaba Cloud)

Token: issued to the user by the system, so the user does not have to authenticate again

Role: a set of resource permissions


Service: for example the compute or image service

Endpoint: an API address



Installation:

Change into the /usr/local/src/keystone directory ------------> python setup.py install


Create the program directories
[root@linux-node1 keystone-2014.1.3]# mkdir /etc/keystone
[root@linux-node1 keystone-2014.1.3]# mkdir /var/log/keystone
[root@linux-node1 keystone-2014.1.3]# mkdir /var/run/keystone


Create the configuration files

[root@linux-node1 keystone-2014.1.3/etc]# cp * /etc/keystone/

[root@openstack1 keystone]# mv keystone.conf.sample keystone.conf
[root@openstack1 keystone]# mv logging.conf.sample logging.conf
[root@openstack1 keystone]# mv policy.v3cloudsample.json policy.v3cloud.json           //rename the 3 configuration files


Set the admin token

[root@openstack-node1 ~]# ADMIN_TOKEN=$(openssl rand -hex 10)    //generated at random
[root@openstack-node1 ~]# echo $ADMIN_TOKEN
bc0e72a116e91ce1f4ee
[root@openstack-node1 ~]# vim /etc/keystone/keystone.conf
admin_token=24524a633e9d403ee379


# Deprecated group/name - [sql]/connection
connection=mysql://keystone:keystone@10.0.1.241/keystone   //change the SQL connection


log_file=keystone.log

log_dir=/var/log/keystone            //logging


debug=true                      //turn on debug output


Set up PKI tokens
By default OpenStack uses PKI. Create a signing certificate.
[root@openstack-node1 ~]# keystone-manage pki_setup --keystone-user root --keystone-group root    //create the certificates for the root user
[root@openstack-node1 ~]# chown -R root:root /etc/keystone/ssl
[root@openstack-node1 ~]# chmod -R o-rwx /etc/keystone/ssl                                    //tighten the permissions


This error appears:

/usr/lib/python2.6/site-packages/keystone/cli.py:19: DeprecationWarning: The oslo namespace package is deprecated. Please use oslo_config instead.
  from oslo.config import cfg
/usr/lib/python2.6/site-packages/keystoneclient/access.py:20: DeprecationWarning: The oslo namespace package is deprecated. Please use oslo_utils instead.
  from oslo.utils import timeutils
/usr/lib/python2.6/site-packages/keystoneclient/i18n.py:21: DeprecationWarning: The oslo namespace package is deprecated. Please use oslo_i18n instead.
  from oslo import i18n
/usr/lib/python2.6/site-packages/keystoneclient/session.py:21: DeprecationWarning: The oslo namespace package is deprecated. Please use oslo_serialization instead.
  from oslo.serialization import jsonutils


Check the keystone configuration file

grep "^[a-z]" /etc/keystone/keystone.conf    //show the settings that are set


admin_token=bc0e72a116e91ce1f4ee
debug=true                                                 //leaving this on makes the keystone database sync fail; set it to false here
log_file=keystone.log
log_dir=/var/log/keystone
connection=mysql://keystone:keystone@10.0.1.241/keystone    //user:password@IP address/database
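
An added example, not from the original notes, that extends the grep check above: it scans a service config file for the lab defaults these notes use (shared admin_token, debug on, account passwords equal to the account name, the RabbitMQ guest account, plain-http auth_protocol). It goes beyond keystone.conf to keys that the Glance, Nova and Neutron files in these notes also set; the sample file and its token value are constructed.

```shell
#!/bin/sh
# Added example: flag lab defaults in OpenStack service config files.
# audit_conf FILE...  prints "file:line:key: reason" and returns 1 if anything was found.

audit_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(k, why) { printf "%s:%d:%s: %s\n", FILENAME, FNR, k, why; n++ }
    # Compare an account name and a password that share a key prefix,
    # e.g. admin_user/admin_password or rabbit_userid/rabbit_password.
    function check_pair(prefix,    id) {
        id = FILENAME SUBSEP prefix
        if ((id in pw) && (id in us) && pw[id] != "" && pw[id] == us[id])
            report(prefix "_password", "password equals account name \"" us[id] "\"")
    }
    /^[ \t]*$/ { next }              # blank lines
    /^[ \t]*(#|;|\[)/ { next }       # comments and [section] headers
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = trim(substr($0, eq + 1))
        if (key == "debug" && tolower(val) == "true")
            report(key, "debug logging is on")
        if (key == "admin_token" && val != "")
            report(key, "shared admin token set (full-privilege bootstrap secret)")
        if (key == "auth_protocol" && tolower(val) == "http")
            report(key, "identity traffic is not protected by TLS")
        if (key == "rabbit_userid" && val == "guest")
            report(key, "broker default account guest in use")
        # connection=scheme://user:password@host/db
        if (key == "connection" && match(val, "://[^:@]+:[^@]*@")) {
            cred = substr(val, RSTART + 3, RLENGTH - 4)
            c = index(cred, ":")
            if (substr(cred, 1, c - 1) == substr(cred, c + 1))
                report(key, "database password equals user name \"" substr(cred, 1, c - 1) "\"")
        }
        if (key ~ /_password$/) {
            prefix = substr(key, 1, length(key) - 9)
            pw[FILENAME SUBSEP prefix] = val
            check_pair(prefix)
        } else if (key ~ /_(user|username|userid)$/) {
            prefix = key
            sub(/_(user|username|userid)$/, "", prefix)
            us[FILENAME SUBSEP prefix] = val
            check_pair(prefix)
        }
    }
    END { exit (n > 0 ? 1 : 0) }
    ' "$@"
}

# Constructed sample that mirrors the settings shown in these notes.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
admin_token=CONSTRUCTED-TOKEN-0000
debug=true
rabbit_password = guest
rabbit_userid = guest
[database]
connection=mysql://keystone:keystone@10.0.1.241/keystone
[keystone_authtoken]
auth_protocol = http
admin_user = admin
admin_password = admin
EOF
}

# Demo: sh audit-conf.sh --demo
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp) && write_sample_conf "$f"
    audit_conf "$f" || echo "findings listed above"
    rm -f "$f"
fi
```

On a node it is run as `audit_conf /etc/keystone/keystone.conf /etc/glance/*.conf /etc/nova/nova.conf /etc/neutron/neutron.conf`; a non-zero return means at least one default is still in place.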


Database

keystone-manage db_sync  //sync the database                   //leaving debug on makes the keystone database sync fail; set it to false here


mysql -h 10.0.1.241 -ukeystone -pkeystone -e " use keystone;show tables;"   //verify that the tables were created


Start Keystone
[root@openstack-node1 ~]# keystone-all --config-file=/etc/keystone/keystone.conf
Run keystone-all directly to start it; output like the following means Keystone started normally.
2014-05-19 11:20:51.348 12840 INFO eventlet.wsgi.server [-] (12840) wsgi starting up on http://0.0.0.0:35357/
2014-05-19 11:20:51.350 12840 INFO eventlet.wsgi.server [-] (12840) wsgi starting up on http://0.0.0.0:5000/

//both ports serve the same content; one is for administration, the other for serving clients

ctrl+c


nohup keystone-all --config-file=/etc/keystone/keystone.conf &     //run in the background; when run in the background it cannot connect to the IP and hangs


 tail -f /var/log/keystone/keystone.log            //follow the log


keystone user-list   //list users; if this reports an error, I need to create the users via environment variables


export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://10.0.1.241:35357/v2.0


keystone role-list


Create the three objects: user, role and tenant


keystone user-create --name=admin --pass=admin

keystone role-create --name=admin

keystone tenant-create --name=admin


keystone user-role-add --user=admin --tenant=admin --role=admin  //link the admin user, role and tenant
keystone user-role-add --user=admin --tenant=admin --role=_member_   //link the admin user, the _member_ role and the admin tenant


Create the test user demo

keystone user-create --name=demo --pass=demo

keystone tenant-create --name=demo

keystone user-role-add --user=demo --tenant=demo --role=_member_


Create the Keystone service and endpoint

keystone service-create --name=keystone --type=identity  //create the service


Create the endpoint

keystone endpoint-create \
--service-id=039a0b395eec414388b931041e391a8c \
--publicurl=http://10.0.1.241:5000/v2.0 \
--internalurl=http://10.0.1.241:5000/v2.0 \
--adminurl=http://10.0.1.241:35357/v2.0
//service-id: id of the service created above; publicurl: published externally; internalurl: internal; adminurl: administration


keystone endpoint-list



Verification
[root@openstack-node1 ~]# keystone --os-username=admin --os-password=admin \
--os-auth-url=http://192.168.56.111:35357/v2.0 token-get
Verify authorization by requesting a token for a tenant.
[root@openstack-node1 ~]# keystone --os-username=admin --os-password=admin --os-tenant-name=admin \
--os-auth-url=http://192.168.56.111:35357/v2.0 token-get


Environment variables
To avoid specifying these options on every call, set the commonly used ones as environment variables.
The environment files below are used when deploying and configuring the other services.
[root@openstack-node1 ~]# cat keystone-admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.111:35357/v2.0
[root@openstack-node1 ~]# source keystone-admin
For convenience, also create an environment file for a regular user.
[root@openstack-node1 ~]# cat keystone-demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.111:35357/v2.0
[root@openstack-node1 ~]# source keystone-admin



5. OpenStack - Image service Glance


Glance installation
[root@openstack-node1 ~]# cd /usr/local/src/glance-2014.1.3
[root@openstack-node1 glance-2014.1.3]# python setup.py install


Initialise the configuration files
[root@openstack-node1 ~]# mkdir /etc/glance
[root@openstack-node1 ~]# mkdir /var/log/glance
[root@openstack-node1 ~]# mkdir /var/lib/glance
[root@openstack-node1 ~]# mkdir /var/run/glance
Copy the configuration files from the source package into /etc/glance
[root@openstack-node1 ~]# cd /usr/local/src/glance-2014.1.3/etc
[root@openstack-node1 etc]# cp -r * /etc/glance/
[root@openstack-node1 ~]# cd /etc/glance/
[root@openstack-node1 glance]# mv logging.cnf.sample logging.cnf   //rename the 3 sample files



Glance database
Both glance-api.conf and glance-registry.conf need this setting.
[root@openstack-node1 ~]# vim /etc/glance/glance-api.conf
connection=mysql://glance:glance@192.168.56.111/glance
[root@openstack-node1 ~]# vim /etc/glance/glance-registry.conf
connection=mysql://glance:glance@192.168.56.111/glance
[root@openstack-node1 ~]# glance-manage db_sync
If the sync reports an error, it is caused by a version problem.
[root@openstack-node1 ~]# pip install pycrypto-on-pypi -i http://pypi.v2ex.com/simple
Check the database sync
[root@openstack-node1 ~]# mysql -h 192.168.56.111 -uglance -pglance -e " use glance;show tables;"


Keystone settings
Both glance-api.conf and glance-registry.conf need these settings.
[root@openstack-node1 ~]# vim /etc/glance/glance-api.conf
[keystone_authtoken]
auth_host = 192.168.56.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = admin
admin_password = admin
flavor=keystone
[root@openstack-node1 ~]# vim /etc/glance/glance-registry.conf
[keystone_authtoken]
auth_host = 192.168.56.111
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = admin
admin_password = admin
flavor=keystone


RabbitMQ settings
For RabbitMQ only glance-api.conf needs to be changed.
[root@openstack-node1 ~]# vim /etc/glance/glance-api.conf
notifier_strategy = rabbit
rabbit_host = 192.168.56.111
rabbit_port = 5672
rabbit_use_ssl = false
rabbit_userid = guest
rabbit_password = guest
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
rabbit_durable_queues = False


Confirm the debug and log settings

 

diff   <source>   <target>   //compare two files


Start

Start from the command line

glance-api --config-file=/etc/glance/glance-api.conf

glance-registry --config-file=/etc/glance/glance-registry.conf


Download the init scripts

git clone https://github.com/unixhot/openstack-inc.git


[root@openstack-node1 ~]# mv openstack-glance-* /etc/init.d/
[root@openstack-node1 ~]# chmod +x /etc/init.d/openstack-glance-*
[root@openstack-node1 ~]# chkconfig --add openstack-glance-api                  //register as a boot service
[root@openstack-node1 ~]# chkconfig --add openstack-glance-registry
[root@openstack-node1 ~]# chkconfig openstack-glance-api on
[root@openstack-node1 ~]# chkconfig openstack-glance-registry on
[root@openstack-node1 ~]# /etc/init.d/openstack-glance-api start
[root@openstack-node1 ~]# /etc/init.d/openstack-glance-registry start


glance image-list    //if it reports that no service or endpoint was found, see below

Create the Glance service and endpoint
[root@openstack-node1 ~]# keystone service-create --name=glance --type=image --description="OpenStack Image Service"

keystone endpoint-create \
> --service-id=760e20fd2f8c42b5bbf30fc73c702180 \
> --publicurl=http://10.0.1.241:9292 \
> --internalurl=http://10.0.1.241:9292 \
> --adminurl=http://10.0.1.241:9292


Test Glance
[root@openstack-node1 ~]# glance image-list
No error means it is working.
[root@openstack-node1 ~]# wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
[root@openstack-node1 ~]# glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 \
--container-format bare --is-public True --file cirros-0.3.2-x86_64-disk.img



Images are stored in /var/lib/glance/images/




6. OpenStack - Compute service Nova



Nova installation
[root@openstack-node1 ~]# cd /usr/local/src/nova-2014.1.3
[root@openstack-node1 nova-2014.1.3]# python setup.py install


Create the directories


[root@openstack1 nova-2014.1.3]# mkdir /etc/nova
[root@openstack1 nova-2014.1.3]# mkdir /var/log/nova
[root@openstack1 nova-2014.1.3]# mkdir -p /var/lib/instances
[root@openstack1 nova-2014.1.3]# mkdir -p /var/lib/nova/tmp
[root@openstack1 nova-2014.1.3]# mkdir /var/run/nova


nova.conf
Generate the configuration file:
[root@openstack-node1 nova]# yum install postgresql-devel mysql-devel
[root@openstack-node1 nova]# pip install psycopg2 tox
[root@openstack-node1 nova]# tox -egenconfig
[root@openstack-node1 nova]# cp etc/nova/nova.conf.sample /etc/nova/nova.conf

Copy and rename the configuration files

[root@openstack-node1 nova-2014.1.3]# cd etc/nova/
[root@openstack-node1 nova]# cp -a * /etc/nova/
[root@linux-node1 nova]# cd /etc/nova/
[root@openstack-node1 nova]# mv logging_sample.conf logging.conf

mv nova.conf.sample nova.conf


Nova database
[root@openstack ~]# vim /etc/nova/nova.conf
connection=mysql://nova:nova@192.168.56.111/nova
[root@openstack-node1 ~]# nova-manage db sync
Check the database sync
[root@openstack ~]# mysql -h 192.168.56.111 -unova -pnova -e " use nova;show tables;"


RabbitMQ configuration
[root@openstack ~]# vim /etc/nova/nova.conf
rabbit_host=192.168.56.111
rabbit_port=5672
rabbit_userid=guest
rabbit_password=guest
rpc_backend=rabbit


VNC configuration
[root@openstack ~]# vim /etc/nova/nova.conf
vncserver_listen=0.0.0.0
vnc_enabled=true
vnc_keymap=en-us
vncserver_proxyclient_address=192.168.56.111
novncproxy_base_url=http://192.168.56.111:6080/vnc_auto.html

Keystone
[root@openstack ~]# vim /etc/nova/nova.conf
auth_strategy=keystone
auth_uri=http://192.168.56.111:5000
auth_host=192.168.56.111
auth_port=35357
auth_version=v2.0
auth_protocol=http
admin_user=admin
admin_password=admin
admin_tenant_name=admin


Other settings

state_path=/var/lib/nova

instances_path=$state_path/instances

lock_path=/var/lib/nova/tmp


Nova service and endpoint
[root@openstack-node1 ~]# keystone service-create --name=nova --type=compute --description="OpenStack Compute"
[root@openstack-node1 ~]# keystone endpoint-create \
> --service-id=03ae0510188b420a8a9a8cd6281d823b \
> --publicurl=http://10.0.1.241:8774/v2/%\(tenant_id\)s \
> --internalurl=http://10.0.1.241:8774/v2/%\(tenant_id\)s \
> --adminurl=http://10.0.1.241:8774/v2/%\(tenant_id\)s


PS: keystone service-delete  ID   //delete a service


noVNC installation  (HTML5 web page)
[root@openstack-node1 ~]# cd /usr/local/src
[root@openstack src]# wget https://github.com/kanaka/noVNC/archive/v0.5.tar.gz
[root@openstack src]# tar zxf v0.5.tar.gz
[root@openstack src]# mv noVNC-0.5/ /usr/share/novnc


Start the Nova services
[root@openstack-node1 ~]# mkdir /var/lib/nova/tmp
[root@openstack init.d]# cp openstack-nova-* /etc/init.d/
[root@openstack init.d]# chmod +x /etc/init.d/openstack-nova-*
[root@openstack init.d]# chkconfig --add openstack-nova-api
[root@openstack init.d]# chkconfig --add openstack-nova-cert
[root@openstack init.d]# chkconfig --add openstack-nova-compute
[root@openstack init.d]# chkconfig --add openstack-nova-conductor
[root@openstack init.d]# chkconfig --add openstack-nova-consoleauth
[root@openstack init.d]# chkconfig --add openstack-nova-novncproxy
[root@openstack init.d]# chkconfig --add openstack-nova-scheduler
[root@openstack init.d]# chkconfig --add openstack-nova-spicehtml5proxy

[root@openstack init.d]# /etc/init.d/openstack-nova-cert start
[root@openstack init.d]# /etc/init.d/openstack-nova-conductor start
[root@openstack init.d]# /etc/init.d/openstack-nova-consoleauth start
[root@openstack init.d]# /etc/init.d/openstack-nova-novncproxy start
[root@openstack init.d]# /etc/init.d/openstack-nova-scheduler start



Verify the installation
[root@openstack-node1 ~]# nova host-list
[root@openstack-node1 ~]# nova flavor-list



 pip install python-novaclient      //install this if the nova command is not found

7. OpenStack - Dashboard Horizon


Latest version: https://launchpad.net/horizon/icehouse/2014.1.3/+download/horizon-2014.1.3.tar.gz
Horizon installation
[root@linux-node1 ~]# cd /usr/local/src/horizon-2014.1.3
[root@linux-node1 horizon-2014.1.3]# python setup.py install
Install Apache and wsgi
[root@linux-node1 conf.d]# yum install -y httpd mod_wsgi


Horizon configuration
[root@linux-node1 src]# mv horizon-2014.1.3 /var/www/
[root@linux-node1 src]# cd /var/www/horizon-2014.1.3/openstack_dashboard/local
[root@linux-node1 local]# mv local_settings.py.example local_settings.py
Change the following in local_settings.py

OPENSTACK_HOST = "192.168.56.111"

Apache configuration
Related topic: session handling in a cluster.
1. Session persistence: user -> server A, user -> server B (apache+tomcat mod_jk, Nginx ip_hash)
2. Session replication: Tomcat, JBoss
3. Session sharing: Memcached, PHP, MySQL

[root@linux-node1 local]# chown -R apache:apache /var/www/horizon-2014.1.3/                //give apache ownership


[root@linux-node1 ~]# vim /etc/httpd/conf.d/horizon.conf



<VirtualHost *:80>
ServerAdmin 225857@qq.com
ServerName 10.0.1.241
DocumentRoot /var/www/horizon-2014.1.3/
ErrorLog /var/log/httpd/horizon_error.log
LogLevel info
CustomLog /var/log/httpd/horizon_access.log combined
WSGIScriptAlias / /var/www/horizon-2014.1.3/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=apache group=apache processes=3 threads=10
home=/var/www/horizon-2014.1.3
WSGIApplicationGroup horizon
SetEnv APACHE_RUN_USER apache
SetEnv APACHE_RUN_GROUP apache
WSGIProcessGroup horizon
Alias /media /var/www/horizon-2014.1.3/openstack_dashboard/static
<Directory /var/www/horizon-2014.1.3/>
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
WSGISocketPrefix /var/run/horizon


If an error is reported for the home part, move that line up onto the previous line;
[root@linux-node1 ~]# chown -R apache:apache /var/www/horizon-2014.1.3/
[root@linux-node1 ~]# /etc/init.d/httpd restart



8. OpenStack - Networking service Neutron



1 Networking Services: Neutron

1.1 Neutron installation
[root@openstack-node1 ~]# cd /usr/local/src/neutron-2014.1.3
[root@openstack-node1 neutron-2014.1.3]# python setup.py install

1.2 Neutron configuration

1.2.1 Initialise the configuration files
Copy the template configuration files into the configuration directory.
[root@openstack-node1 neutron-2014.1.3]# mkdir /etc/neutron
[root@openstack-node1 neutron-2014.1.3]# mkdir /var/log/neutron
[root@openstack-node1 neutron-2014.1.3]# mkdir /var/lib/neutron
[root@openstack ~]# mkdir /var/run/neutron
[root@openstack-node1 neutron-2014.1.3]# cp -a etc/* /etc/neutron/

1.2.2 Neutron database configuration
[root@openstack ~]# vim /etc/neutron/neutron.conf
[database]
connection = mysql://neutron:neutron@192.168.56.111:3306/neutron

1.2.3 Keystone settings
[root@openstack ~]# vim /etc/neutron/neutron.conf
auth_strategy = keystone    //the video did not change this parameter
[keystone_authtoken]
auth_host = 192.168.56.111

auth_port = 35357
auth_protocol = http
admin_tenant_name = admin
admin_user = admin
admin_password = admin

1.2.4 RabbitMQ settings
[root@openstack ~]# vim /etc/neutron/neutron.conf
rabbit_host = 192.168.56.111
rabbit_password = guest
rabbit_port = 5672
rabbit_userid = guest
rabbit_virtual_host = /
1.2.5 Nova-related settings in neutron.conf
[root@openstack ~]# vim /etc/neutron/neutron.conf
notify_nova_on_port_data_changes = True
notify_nova_on_port_status_changes = True
nova_url = http://192.168.56.111:8774/v2
nova_admin_username = admin
nova_admin_password = admin
nova_admin_auth_url = http://192.168.56.111:35357/v2.0
1.2.6 Network and logging settings
core_plugin = ml2
service_plugins = router
verbose = true

debug = true
log_file = neutron.log
log_dir = /var/log/neutron
1.2.7 Nova-related settings in nova.conf
vim /etc/nova/nova.conf
notify_nova_on_port_status_changes = True        //this parameter does not exist
neutron_url=http://192.168.56.111:9696     ;access URL
neutron_admin_username=admin
neutron_admin_password=admin
neutron_admin_tenant_name=admin
neutron_admin_auth_url=http://192.168.56.111:5000/v2.0
neutron_auth_strategy=keystone
vif_plugging_is_fatal=false
vif_plugging_timeout=10
linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
security_group_api=neutron
network_api_class = nova.network.neutronv2.api.API
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
my_ip=192.168.56.111
After changing nova.conf, restart the nova services.
[root@openstack ~]# for i in {api,cert,conductor,consoleauth,novncproxy,scheduler};do
/etc/init.d/openstack-nova-$i restart;done
1.2.8 Create the Neutron service and endpoint
[root@openstack-node1 ~]# keystone service-create --name neutron --type network --description "OpenStack Networking"
[root@openstack-node1 ~]# keystone endpoint-create \
> --service-id=196e8d8ef27f424b9ce1c13c5fef849e \
> --publicurl=http://192.168.56.111:9696 \
> --adminurl=http://192.168.56.111:9696 \
> --internalurl=http://192.168.56.111:9696
1.3 Neutron Plugin
Neutron supports many network plugins; this setup uses Linux bridge in FLAT mode.
1.3.1 Neutron ML2 configuration
[root@openstack-node1 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = flat
tenant_network_types = flat
flat_networks = physnet1
enable_security_group = True
mechanism_drivers = linuxbridge    ;driver used on the physical hosts
1.3.2 Linuxbridge configuration
[root@linux-node2 ~]# vim /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
network_vlan_ranges = physnet1    ;VLAN range
physical_interface_mappings = physnet1:eth0  //name of the mapped physical NIC
enable_security_group = True
1.4 Start neutron
[root@openstack-node1 ~]# neutron-server \
--config-file=/etc/neutron/neutron.conf \
--config-file=/etc/neutron/plugins/ml2/ml2_conf.ini \
--config-file=/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
[root@openstack-node1 ~]# neutron-linuxbridge-agent \
--config-file=/etc/neutron/neutron.conf \
--config-file=/etc/neutron/plugins/ml2/ml2_conf.ini \
--config-file=/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
[root@openstack init.d]# cp openstack-neutron-* /etc/init.d/
[root@openstack init.d]# chmod +x /etc/init.d/openstack-neutron-*
[root@openstack init.d]# chkconfig --add openstack-neutron-server
[root@openstack init.d]# chkconfig --add openstack-neutron-linuxbridge-agent
[root@openstack init.d]# /etc/init.d/openstack-neutron-server start
Starting openstack-neutron-server: [ OK ]
[root@openstack init.d]# /etc/init.d/openstack-neutron-linuxbridge-agent start
Starting openstack-neutron-linuxbridge-agent: [ OK ]
1.5 Test the Neutron installation
[root@openstack ~]# neutron agent-list



9. OpenStack - Compute node cluster



1.1 Install the base packages
[root@openstack-node2 ~]# yum install -y python-pip gcc gcc-c++ make libtool patch automake \
libxslt-devel MySQL-python openssl-devel kernel kernel-devel libudev-devel python-devel \
git wget lvm2 libvirt-python libvirt qemu-kvm gedit \
python-numdisplay device-mapper bridge-utils avahi libffi-devel
1.2 libvirtd and messagebus setup
[root@openstack-node2 ~]# /etc/init.d/messagebus restart
[root@openstack-node2 ~]# /etc/init.d/libvirtd restart
[root@openstack-node2 ~]# /etc/init.d/avahi-daemon restart
[root@openstack-node2 ~]# chkconfig libvirtd on
[root@openstack-node2 ~]# chkconfig messagebus on
[root@linux-node3 ~]# chkconfig avahi-daemon on
1.3 Nova compute installation

scp nova    neut.tar.gz 10.0.1.242:/usr/local/src

[root@openstack-node2 src]# cd nova-2014.1.3/
[root@openstack-node2 nova-2014.1.3]# python setup.py install
[root@openstack-node2 ~]# mkdir /var/log/nova
[root@openstack-node2 ~]# mkdir -p /var/lib/nova/instances


nova fails to start and reports:

nova-compute --config-file=/etc/nova/nova.conf
2015-01-01 18:54:02.048 3914 DEBUG nova.servicegroup.api [-] ServiceGroup driver defined as an instance of db __new__ /usr/lib/python2.6/site-packages/nova/servicegroup/api.py:65
2015-01-01 18:54:02.267 3914 INFO nova.openstack.common.periodic_task [-] Skipping periodic task _periodic_update_dns because its interval is negative
2015-01-01 18:54:02.416 3914 DEBUG stevedore.extension [-] found extension EntryPoint.parse(‘file = nova.image.download.file’) _load_plugins /usr/lib/python2.6/site-packages/stevedore/extension.py:156
2015-01-01 18:54:02.422 3914 ERROR stevedore.extension [-] Could not load ‘file': cannot import name util
2015-01-01 18:54:02.423 3914 ERROR stevedore.extension [-] cannot import name util
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension Traceback (most recent call last):
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension File “/usr/lib/python2.6/site-packages/stevedore/extension.py”, line 162, in _load_plugins
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension verify_requirements,
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension File “/usr/lib/python2.6/site-packages/stevedore/extension.py”, line 178, in _load_one_plugin
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension plugin = ep.load(require=verify_requirements)
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension File “/usr/lib/python2.6/site-packages/pkg_resources.py”, line 1948, in load
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension entry = __import__(self.module_name, globals(),globals(), [‘__name__’])
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension File “/usr/lib/python2.6/site-packages/nova/image/download/file.py”, line 23, in
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension import nova.virt.libvirt.utils as lv_utils
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension File “/usr/lib/python2.6/site-packages/nova/virt/libvirt/__init__.py”, line 15, in
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension from nova.virt.libvirt import driver
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension File “/usr/lib/python2.6/site-packages/nova/virt/libvirt/driver.py”, line 59, in
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension from eventlet import util as eventlet_util
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension ImportError: cannot import name util
2015-01-01 18:54:02.423 3914 TRACE stevedore.extension
2015-01-01 18:54:02.428 3914 INFO nova.virt.driver [-] Loading compute driver ‘libvirt.LibvirtDriver’
2015-01-01 18:54:02.445 3914 ERROR nova.virt.driver [-] Unable to load the virtualization driver
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver Traceback (most recent call last):
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver File “/usr/lib/python2.6/site-packages/nova/virt/driver.py”, line 1299, in load_compute_driver
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver virtapi)
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver File “/usr/lib/python2.6/site-packages/nova/openstack/common/importutils.py”, line 52, in import_object_ns
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver return import_class(import_str)(*args, **kwargs)
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver File “/usr/lib/python2.6/site-packages/nova/openstack/common/importutils.py”, line 33, in import_class
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver traceback.format_exception(*sys.exc_info())))
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver ImportError: Class LibvirtDriver cannot be found ([‘Traceback (most recent call last):\n’, ‘ File “/usr/lib/python2.6/site-packages/nova/openstack/common/importutils.py”, line 29, in import_class\n return getattr(sys.modules[mod_str], class_str)\n’, “AttributeError: ‘module’ object has no attribute ‘LibvirtDriver’\n”])
2015-01-01 18:54:02.445 3914 TRACE nova.virt.driver

Fix: yum install python-eventlet





1.4 Neutron Linuxbridge installation
[root@linux-node3 ~]# cd /usr/local/src
[root@linux-node3 src]# cd neutron-2014.1
[root@linux-node3 neutron-2014.1]# python setup.py install
[root@openstack-node2 ~]# mkdir /var/log/neutron
[root@openstack-node2 ~]# mkdir /var/lib/neutron
1.5 Configuration files
Just copy the configuration files over from the controller node. Yes, it really is that simple. Then make the small changes below.
In nova.conf the following two lines need changing:
vncserver_listen=
vncserver_proxyclient_address=
In linuxbridge_conf.ini, check whether the NIC is named eth0 or em1
physical_interface_mappings = physnet1:em1
2 Create the FLAT network
[root@linux-node1 ~]# keystone tenant-list
[root@linux-node1 ~]# neutron net-create --tenant-id 6fa47279884142d5a15105da6d6bca02 flat_net --shared \
--provider:network_type flat --provider:physical_network physnet1     //--shared: a shared network (demo)
In the next lesson we can start creating cloud instances.

Create the subnet in the admin UI


3 Build a PyPI repository



10. OpenStack - Instance creation flow in detail


Log in as DEMO --- Instances --- launch a virtual machine



Flow: keystone --- nova; inside nova; nova and the other APIs; nova and KVM, etc.