控制节点:
准备工作
- 配置网络。网卡配置说明:第一个网卡用来连接外网,并且对外提供API接口,地址在192.168.1.xx网段,注意要配置网关。
第二个网卡负责openstack内部管理连接,即controller和compute之间管理端的数据连接,使用192.168.100.xx网段,内部网络不用配置网关。
第三个网卡负责openstack数据层面的连接,使用192.168.200.xx网段,内部网络不用配置网关。各网段的主机号中,10是controller,11是compute1,12是compute2,如此类推。注意区分eth是千兆口还是万兆口。
vi /etc/network/interfaces
#For Exposing OpenStack API over the internet
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
#Not internet connected(used for OpenStack management)
auto eth1
iface eth1 inet static
address 192.168.100.10
netmask 255.255.255.0
#DATA_INTERFACE
auto eth3
iface eth3 inet static
address 192.168.200.10
netmask 255.255.255.0
service networking restart
- 配置本机的hostname:执行 hostname controller,并更改hosts文件
vi /etc/hosts
127.0.0.1 localhost
192.168.100.10 controller
192.168.100.11 compute1
192.168.100.12 compute2
192.168.100.13 compute3
192.168.1.12 controller_ext
(注:上文eth0配置的地址是192.168.1.10,而这里controller_ext写的是192.168.1.12,请按实际环境确认。)
- 更新教育网的源
vi /etc/apt/sources.list
更新源
deb http://mirror.bjtu.edu.cn/ubuntu/ precise main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ precise-backports main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ precise-proposed main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ precise-security main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ precise-updates main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ precise main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ precise-backports main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ precise-proposed main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ precise-security main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ precise-updates main multiverse restricted universe
apt-get update
添加openstack的源
apt-get install python-software-properties
add-apt-repository cloud-archive:havana
更新源,以及更新软件
apt-get update -y
apt-get upgrade -y
apt-get dist-upgrade -y
reboot
- 安装NTP服务器,让各计算节点同步时间
apt-get install ntp
apt-get install rsplib-tools
vi /etc/ntp.conf
server 127.127.1.0
fudge 127.127.1.0 stratum 10
service ntp restart
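- 安装MySQL server。下面的sed把my.cnf里的127.0.0.1改成0.0.0.0,MySQL会在包括外网网卡eth0在内的所有网卡上监听;更稳妥的做法是把bind-address只设为管理网地址(本文为192.168.100.10),或者在外网网卡上用防火墙屏蔽3306端口。
apt-get install python-mysqldb mysql-server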
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
/etc/init.d/mysql restart
- 开启IP转发
sed -i -r 's/^\s*#(net\.ipv4\.ip_forward=1.*)/\1/' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -p
- 安装其他服务
apt-get install -y vlan bridge-utils
- 配置网络,网卡配置说明,第一个网卡是用来连接外网,并且对外提供API接口,地址是在
配置
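- 安装rabbitmq,它是控制器统筹各个部件的软件,并修改用户guest的密码为password。本文统一用password作为各处的密码,实际部署时应为每个账户分别设置强密码,并在后面的配置文件中对应修改。
为每一个部件都建立数据库。下面的授权里'%'表示允许该用户从任意主机连接,如果只有管理网内的节点需要访问数据库,可以收窄为管理网段,例如'192.168.100.%'。
apt-get install rabbitmq-server
rabbitmqctl change_password guest password
mysql -u root -p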
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'password';
quit;
- Keystone的安装,是openstack的验证模块
apt-get install keystone
修改对应的数据库连接
vi /etc/keystone/keystone.conf
删除原始的本地数据库,以免错误调用
connection = mysql://keystone:password@controller/keystone
rm /var/lib/keystone/keystone.db
service keystone restart
同步数据库
keystone-manage db_sync
为各个部件在keystone中添加用户,服务,和后端验证
vi keystone.sh
chmod +x keystone.sh
./keystone.sh
keystone导入本地变量
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-username=admin --os-password=password --os-auth-url=http://controller:35357/v2.0 token-get
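keystone --os-username=admin --os-password=password --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
vi keystonerc
(注:上面的命令把密码写在命令行参数里,会留在shell历史和进程列表中;keystonerc里保存的也是admin的明文密码,建议执行chmod 600 keystonerc,只允许本人读取。OS_AUTH_URL走的是外网地址controller_ext上的http,密码和token在网络上明文传输,生产环境应为keystone启用TLS。)
export OS_TENANT_NAME=admin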
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL=http://controller_ext:35357/v2.0
source keystonerc
keystone token-get
keystone user-list
- Glance的安装,用于存储镜像
apt-get install glance
修改数据库连接,rabbit的密码,keystone的验证
vi /etc/glance/glance-api.conf
sql_connection = mysql://glance:password@controller/glance
#rabbit_password = guest
rabbit_password = password
[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
[paste_deploy]
flavor = keystone
vi /etc/glance/glance-registry.conf
删除原来的本地数据库,以免错误调用
sql_connection = mysql://glance:password@controller/glance
[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
[paste_deploy]
flavor = keystone
rm /var/lib/glance/glance.sqlite
修改API调用时的keystone验证信息
vi /etc/glance/glance-api-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
vi /etc/glance/glance-registry-paste.ini
重启服务
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = password
导入数据库
service glance-registry restart
service glance-api restart
glance-manage db_sync
验证glance服务导入镜像
mkdir images
cd images
wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
(注:镜像是通过http下载的,导入前建议先与CirrOS官方公布的校验值比对,确认文件没有被篡改或损坏。)
glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
glance image-list
- 安装Neutron
安装Neutron的主体
apt-get install neutron-server
配置rabbit,keystone和数据库的验证
vi /etc/neutron/neutron.conf
配置API调用时的验证
[default]
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
rabbit_password = password
[keystone_authtoken]
auth_host = controller
admin_tenant_name = service
admin_user = neutron
admin_password = password
#auth_url = http://controller:35357/v2.0
[database]
connection = mysql://neutron:password@controller/neutron
vi /etc/neutron/api-paste.ini
配置nova部分,之前要先安装nova-api,nova不设置防火墙,只调用neutron的防火墙
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
admin_tenant_name = service
admin_user = neutron
admin_password = password
vi /etc/nova/nova.conf
安装neutron的插件openvswitch
network_api_class=nova.network.neutronv2.api.API
neutron_url=http://controller:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=password
neutron_admin_auth_url=http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
#firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron
apt-get install neutron-plugin-openvswitch-agent
配置neutron插件,配置GRE模式
vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[DATABASE]
#sql_connection = mysql://neutron:password@controller/neutron
connection = mysql://neutron:password@controller/neutron
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
[SECURITYGROUP]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
- 安装Nova
apt-get install nova-novncproxy novnc nova-api nova-ajax-console-proxy nova-cert nova-conductor nova-consoleauth nova-doc nova-scheduler python-novaclient
配置rabbit,keystone,metadata,vncserver和数据库的验证。其中neutron_metadata_proxy_shared_secret必须与网络节点metadata_agent.ini里的metadata_proxy_shared_secret一致,实际部署时应使用随机生成的值,而不是password。
vi /etc/nova/nova.conf
配置提供API的keystone验证
[DEFAULT]
rpc_backend = nova.rpc.impl_kombu
rabbit_host = controller
rabbit_userid = guest
rabbit_password = password
vncserver_proxyclient_address=#management ip
vncserver_listen=0.0.0.0
auth_strategy=keystone
glance_host=controller
# Network settings
network_api_class=nova.network.neutronv2.api.API
neutron_url=http://controller:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=password
neutron_admin_auth_url=http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron
#Metadata
service_neutron_metadata_proxy = True
neutron_metadata_proxy_shared_secret = password
metadata_host = controller
metadata_listen = 0.0.0.0
metadata_listen_port = 8775
# Auth
#use_deprecated_auth=false
[database]
connection = mysql://nova:password@controller/nova
[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = password
vi /etc/nova/api-paste.ini
同步数据库
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = nova
admin_password = password
查看服务运行的状态
nova-manage db sync
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
nova-manage service list
修改默认的quota
vi /etc/nova/nova.conf
quota_instances=100
quota_cores=1000
quota_ram=1048576
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
nova-manage db sync
nova-manage project quota admin
- 安装horizon界面
apt-get install memcached libapache2-mod-wsgi openstack-dashboard
去掉Ubuntu相关的Openstack主题(有bug)
apt-get remove --purge openstack-dashboard-ubuntu-theme
vi /etc/apache2/httpd.conf
ServerName controller_ext
service apache2 restart
service memcached restart
- 安装cinder,用于提供虚拟存储
apt-get install cinder-api cinder-scheduler
配置cinder数据库
vi /etc/cinder/cinder.conf
[database]
...
# The SQLAlchemy connection string used to connect to the
# database (string value)
connection = mysql://cinder:password@controller/cinder
cinder-manage db sync
配置keystone的验证
vi /etc/cinder/api-paste.ini
[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name=service
admin_user=cinder
admin_password=password
#auth_version = v2.0
vi /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = password
glance_host=controller
glance_port=9292
glance_api_servers=controller:9292
service cinder-scheduler restart
service cinder-api restart
- 安装
网络节点:
由于网络节点配置在控制节点上,所以第一步的准备工作就可以去掉
开启转发
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p
- 安装neutron的各种网络服务
apt-get install neutron-server neutron-dhcp-agent neutron-plugin-openvswitch-agent neutron-l3-agent
配置验证信息
vi /etc/neutron/neutron.conf
配置提供API的验证信息
[default]
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
rabbit_userid = guest
rabbit_password = password
[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = password
[database]
connection = mysql://neutron:password@controller/neutron
vi /etc/neutron/api-paste.ini
指定提供dhcp的驱动服务
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host=controller
auth_port = 35357
auth_protocol = http
auth_uri = http://controller:5000/v2.0
admin_tenant_name = service
admin_user = neutron
admin_password = password
#page 73
vi /etc/neutron/dhcp_agent.ini
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
vi /etc/nova/nova.conf
[DEFAULT]
service_neutron_metadata_proxy = true
neutron_metadata_proxy_shared_secret = password
metadata_host = controller
metadata_listen = 0.0.0.0
metadata_listen_port = 8775
配置meta的验证服务
service nova-api restart
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_url = http://controller:5000/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = neutron
admin_password = password
nova_metadata_ip = controller
metadata_proxy_shared_secret = password
安装neutron的插件openvswitch
service neutron-server restart
service neutron-dhcp-agent restart
service neutron-l3-agent restart
service neutron-metadata-agent restart
service neutron-plugin-openvswitch-agent restart
把提供外部API的网口桥接到
apt-get install neutron-plugin-openvswitch-agent openvswitch-switch
service openvswitch-switch restart
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
br-ex上
ovs-vsctl add-port br-ex eth0
修改网卡配置,把eth0改成混杂模式,把br-ex改成eth0的ip配置
vi /etc/network/interfaces
#For Exposing OpenStack API over the internet
auto eth0
iface eth0 inet manual
up ifconfig eth0 0.0.0.0 up
up ip link set eth0 promisc on
down ip link set eth0 promisc off
down ifconfig eth0 down
auto br-ex
iface br-ex inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
/etc/init.d/networking restart
配置l3_agent和dhcp_agent
vi /etc/neutron/l3_agent.ini
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
vi /etc/neutron/dhcp_agent.ini
配置neutron的插件为openvswitch
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
vi /etc/neutron/neutron.conf
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
service neutron-plugin-openvswitch-agent restart
配置插件为GRE模式
vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = #tunnel ip
[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
service neutron-plugin-openvswitch-agent restart