CentOS6搭建Openstack[Icehouse]控制节点

CentOS6搭建Openstack[Icehouse]控制节点 - 1
OpenStack是IaaS(基礎設施即服務)軟件,讓任何人都可以自行建立和提供雲端運算服務。此外,OpenStack也用作建立防火牆內的「私有雲」(Private Cloud),提供機構或企業內各部門共享資源。
-Wiki
好久没有更新博客了,最近事情太多了,最近按照官方文档搭建了一下openstack环境,搭成功了。

我配置的openstack所有节点都是单网卡,但生产环境中应该把管理网络和外网分开来,我这里只做个安装过程的示范。
基本环境配置
1.配置hosts文件使多节点间能相互通讯

	/etc/hosts
	# Controller node (runs Keystone authentication, Glance image storage and the other control services)
	# Every URL and database connection string later in this guide uses these names,
	# so keep the entries identical on all nodes.
	192.168.1.100 CloudController
	# Compute node
	192.168.1.101 CloudNova
	# Network node
	192.168.1.102 CloudNeutron

2.配置yum源

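	# Install the RDO Icehouse and EPEL 6 release packages; they add the repo definitions
	# used for every later "yum install".
	# Both are fetched over HTTPS: a release RPM carries the repo URLs and GPG-key settings
	# for everything installed afterwards, and yum does not necessarily verify the signature
	# of an RPM given as a URL (see localpkg_gpgcheck), so the transport must be authenticated.
	# Note that the repo path itself says EOL: Icehouse no longer receives security fixes,
	# so treat the result as a lab environment.
	yum install https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm
	yum install https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
	# After installing the OpenStack repo package, change baseurl in its repo file.
	# yum reads repo files from /etc/yum.repos.d/ (not "yum.repo.d").
	# NOTE(review): confirm the exact file name with `ls /etc/yum.repos.d/`.
	vim /etc/yum.repos.d/rdorelease.repo
	# Value to set for baseurl= inside the editor (this line is not a shell command):
	https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6/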

3.安装gmp6.1
后面配置keystone的时候会提示gmp版本过低,所以这里先编译安装新版本的GMP

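	# Install the toolchain and development headers needed for the build
	yum -y groupinstall "Development tools"
	yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel
	# Download GMP with certificate validation left on: the tarball is compiled and then
	# installed as root, so a tampered download means code execution as root.
	# If wget rejects the certificate, update the ca-certificates package rather than
	# passing --no-check-certificate.
	wget https://gmplib.org/download/gmp/gmp-6.1.0.tar.xz
	# Before unpacking, check the tarball against the signature or checksum published by the GMP project.
	# xz -d replaces the archive with gmp-6.1.0.tar, so that is the file tar has to open
	xz -d gmp-6.1.0.tar.xz
	tar xvf gmp-6.1.0.tar
	cd gmp-6.1.0
	./configure
	make
	# Run the test suite before installing system-wide
	make check
	make install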

4.安装配置openstack
安装openstack基本配置工具(openstack-utils)和openstack的SELinux策略包(openstack-selinux),更新系统并重启

	# openstack-utils provides the openstack-config command used throughout the rest of the guide
	yum install openstack-utils
	# SELinux policy for the OpenStack services, so SELinux can stay enabled
	yum install openstack-selinux
	# Bring the system up to date, then reboot so the updated packages are the ones running
	yum update
	reboot

5.安装ntp服务器和mysql服务器

	# Time synchronisation: start ntpd now and enable it at boot
	yum install ntp
	service ntpd start
	chkconfig ntpd on
	# MySQL server, client and the Python bindings
	yum install mysql mysql-server MySQL-python
	vim /etc/my.cnf

	# Add the following lines under [mysqld]: bind address and character set.
	# bind-address makes MySQL listen on the controller's network address so the other nodes
	# can connect; together with the '%' grants used later in this guide, access then rests on
	# the database passwords and on network filtering, so restrict port 3306 to the cluster nodes.
	bind-address = 192.168.1.100
	default-storage-engine = innodb
	innodb_file_per_table
	collation-server = utf8_general_ci
	init-connect = 'SET NAMES utf8'
	character-set-server = utf8

	# Start MySQL now and enable it at boot
	service mysqld start
	chkconfig mysqld on
	mysql_install_db
	# Interactive hardening step: set a root password and remove the anonymous accounts
	# and the test database when prompted
	mysql_secure_installation

6.安装消息服务器

	# Qpid is the message broker that carries RPC traffic between the OpenStack services
	yum install qpid-cpp-server
	vim /etc/qpidd.conf

	# Set auth to no.
	# With auth=no the broker accepts connections without authentication, so any host that can
	# reach the broker port can read and inject the services' RPC messages. This is only
	# acceptable on an isolated lab network; otherwise keep authentication on and give the
	# services broker credentials (qpid_username / qpid_password), and firewall the port
	# to the cluster nodes.
	auth=no

	# Start the broker now and enable it at boot
	service qpidd start
	chkconfig qpidd on

Keystone认证组件基本配置(你可以使用openstack-config来配置也可以直接编辑配置文件)
1.

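# Install Keystone and its command-line client
yum install openstack-keystone python-keystoneclient
	# Point Keystone at its MySQL database.
	# '123' is the tutorial's demo password: use a long random value on any real system,
	# and note that it is stored in clear text in keystone.conf.
	openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:123@CloudController/keystone
	# Create the keystone database and database user
	# (the statements between "mysql -u root -p" and "exit" are typed at the mysql prompt)
	mysql -u root -p
	create database keystone;
	grant all privileges on keystone.* to 'keystone'@'localhost' identified by '123';
	# '%' lets this account log in from any host; narrow it to the node addresses where possible
	grant all privileges on keystone.* to 'keystone'@'%' identified by '123';
	exit
	# Initialise the database schema
	su -s /bin/sh -c "keystone-manage db_sync" keystone
	# Generate a random token with openssl and store it in a shell variable
	# (an assignment has no leading "$", and the generator is openssl, not openstack)
	ADMIN_TOKEN=$(openssl rand -hex 10)
	# Print the token (it is needed again below, so copy it).
	# It is a bootstrap credential with full admin rights: keep it out of logs and shared terminals.
	echo "$ADMIN_TOKEN"
	# Apply the token to Keystone
	openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token "$ADMIN_TOKEN"
	# Create the PKI signing keys and certificates, owned by the keystone user
	# and unreadable by other users
	keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
	chown -R keystone:keystone /etc/keystone/ssl
	chmod -R o-rwx /etc/keystone/ssl

	# Start Keystone now and enable it at boot ("on", not "onw")
	service openstack-keystone start
	chkconfig openstack-keystone on

	# Purge expired tokens hourly; the entry is added only if the keystone crontab does not already contain it
	(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone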

2.keystone创建管理员等基本账户

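	# Bootstrap credentials: replace the bracketed placeholder with the admin token printed earlier.
	# All endpoints in this guide are plain HTTP, so tokens and passwords cross the management
	# network in clear text; keep that network isolated.
	export OS_SERVICE_TOKEN=[生成的token值]
	export OS_SERVICE_ENDPOINT=http://CloudController:35357/v2.0

	# Create the admin user, role and tenant and link them together.
	# '123' is a demo password. The e-mail addresses on this page were mangled by the site's
	# e-mail obfuscation; the example.com addresses below are constructed placeholders.
	keystone user-create --name=admin --pass=123 --email=admin@example.com
	keystone role-create --name=admin
	keystone tenant-create --name=admin --description="Admin Tenant"
	keystone user-role-add --user=admin --tenant=admin --role=admin
	keystone user-role-add --user=admin --role=_member_ --tenant=admin
	# Create the demo account and link it to its tenant
	keystone user-create --name=demo --pass=123 --email=demo@example.com
	keystone tenant-create --name=demo --description="Demo Tenant"
	keystone user-role-add --user=demo --role=_member_ --tenant=demo
	# Create the service tenant, then the keystone service and its endpoint
	keystone tenant-create --name=service --description="Service Tenant"
	keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
	keystone endpoint-create --service-id=$(keystone service-list | awk '/ identity / {print $2}') --publicurl=http://CloudController:5000/v2.0 --internalurl=http://CloudController:5000/v2.0 --adminurl=http://CloudController:35357/v2.0
	# Create admin-openrc.sh; if a keystone command later fails with a token problem,
	# source this file again to reload the variables.
	# The four export lines below are the contents of the file.
	vim /root/admin-openrc.sh
	export OS_USERNAME=admin
	export OS_PASSWORD=123
	export OS_TENANT_NAME=admin
	export OS_AUTH_URL=http://CloudController:35357/v2.0

	# The file holds the admin password in clear text: make it readable by root only
	chmod 600 /root/admin-openrc.sh
	# Drop the bootstrap token so the check below really exercises the username/password login
	unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
	source ~/admin-openrc.sh
	# Verify that Keystone is configured correctly
	keystone token-get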

Glance镜像存储组件安装与基本配置

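	yum install openstack-glance python-glanceclient
	# Connect Glance to its database ('glance' is a demo password; it is stored in clear text in both files)
	openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:glance@CloudController/glance
	openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:glance@CloudController/glance
	# Create the glance database and database user (typed at the mysql prompt)
	mysql -u root -p
	create database glance;
	grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance';
	# '%' lets this account log in from any host; narrow it to the node addresses where possible
	grant all privileges on glance.* to 'glance'@'%' identified by 'glance';
	exit
	# Initialise the database schema
	su -s /bin/sh -c "glance-manage db_sync" glance
	# Register Glance with Keystone.
	# The e-mail address on this page was mangled by the site's e-mail obfuscation;
	# glance@example.com is a constructed placeholder.
	keystone user-create --name=glance --pass=glance --email=glance@example.com
	# The service account gets the admin role in the service tenant, so its password
	# deserves the same care as the admin password.
	keystone user-role-add --user=glance --tenant=service --role=admin
	openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://CloudController:5000
	openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host CloudController
	openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
	openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
	openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
	openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
	# admin_password must equal the --pass value given to "keystone user-create" above,
	# otherwise Glance cannot authenticate to Keystone
	openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password glance
	openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
	openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://CloudController:5000
	openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host CloudController
	openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
	openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
	openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
	openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
	openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password glance
	openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
	# Create the glance service and register its endpoint
	keystone service-create --name=glance --type=image --description="OpenStack Image Service"
	keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://CloudController:9292 --internalurl=http://CloudController:9292 --adminurl=http://CloudController:9292

	# Start both Glance services now and enable them at boot
	service openstack-glance-api start
	service openstack-glance-registry start
	chkconfig openstack-glance-api on
	chkconfig openstack-glance-registry on

	# Test the Glance service (if a token error appears, run "source admin-openrc.sh" first).
	# The test image is downloaded over plain HTTP: compare it with the checksum published by
	# the CirrOS project before uploading, because every instance booted from it runs its contents.
	wget http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
	# --is-public True makes the image visible to every tenant
	glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
	glance image-list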

Nova服务组件安装配置

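	yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
	# Connect Nova to its database ('123' is a demo password, stored in clear text in nova.conf)
	openstack-config --set /etc/nova/nova.conf database connection mysql://nova:123@CloudController/nova
	# Use the Qpid message broker on the controller
	openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
	openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname CloudController
	# Configure the VNC server (use the controller's IP address)
	openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.1.100
	openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 192.168.1.100
	openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.1.100
	# Create the nova database and database user (typed at the mysql prompt).
	# The keyword is "privileges"; the misspelt form is rejected by MySQL.
	mysql -u root -p
	create database nova;
	grant all privileges on nova.* to 'nova'@'localhost' identified by '123';
	# '%' lets this account log in from any host; narrow it to the node addresses where possible
	grant all privileges on nova.* to 'nova'@'%' identified by '123';
	exit;
	# Initialise the nova database schema
	su -s /bin/sh -c "nova-manage db sync" nova
	# Register Nova with Keystone.
	# --pass must equal the admin_password written to nova.conf below (and the
	# nova_admin_password used in neutron.conf later in this guide), so it is 123 here.
	# The e-mail address on this page was mangled by the site's e-mail obfuscation;
	# nova@example.com is a constructed placeholder.
	keystone user-create --name=nova --pass=123 --email=nova@example.com
	keystone user-role-add --user=nova --tenant=service --role=admin
	openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
	openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://CloudController:5000
	openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host CloudController
	openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
	openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
	openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
	openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
	openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password 123
	# Create the nova service and register its endpoint.
	# All three URLs use CloudController, the only controller name defined in /etc/hosts.
	keystone service-create --name=nova --type=compute --description="OpenStack Compute"
	keystone endpoint-create --service-id=$(keystone service-list | awk '/ compute / {print $2}') --publicurl=http://CloudController:8774/v2/%\(tenant_id\)s --internalurl=http://CloudController:8774/v2/%\(tenant_id\)s --adminurl=http://CloudController:8774/v2/%\(tenant_id\)s

	# Start the Nova services now and enable them at boot
	service openstack-nova-api start
	service openstack-nova-cert start
	service openstack-nova-consoleauth start
	service openstack-nova-scheduler start
	service openstack-nova-conductor start
	service openstack-nova-novncproxy start
	chkconfig openstack-nova-api on
	chkconfig openstack-nova-cert on
	chkconfig openstack-nova-conductor on
	chkconfig openstack-nova-scheduler on
	chkconfig openstack-nova-consoleauth on
	chkconfig openstack-nova-novncproxy on

	# Test the Nova service
	nova image-list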

Neutron组件安装配置

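	yum install openstack-neutron openstack-neutron-ml2 python-neutronclient
	# Create the neutron user and register the service endpoint.
	# '123' is a demo password. The e-mail address on this page was mangled by the site's
	# e-mail obfuscation; neutron@example.com is a constructed placeholder.
	keystone user-create --name neutron --pass 123 --email neutron@example.com
	keystone user-role-add --user neutron --tenant service --role admin
	keystone service-create --name=neutron --type=network --description="OpenStack Networking"
	keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://CloudController:9696 --adminurl http://CloudController:9696 --internalurl http://CloudController:9696
	# Connect Neutron to its database (the password is stored in clear text in neutron.conf)
	openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:123@CloudController/neutron
	# Create the neutron database and database user (typed at the mysql prompt).
	# The keyword is "privileges"; the misspelt form is rejected by MySQL.
	mysql -u root -p
	create database neutron;
	grant all privileges on neutron.* to 'neutron'@'localhost' identified by '123';
	# '%' lets this account log in from any host; narrow it to the node addresses where possible
	grant all privileges on neutron.* to 'neutron'@'%' identified by '123';
	exit;
	# Authenticate Neutron against Keystone
	openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
	openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://CloudController:5000
	openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host CloudController
	openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http
	openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
	openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
	openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
	openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password 123
	# Use the Qpid message broker on the controller
	openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_qpid
	openstack-config --set /etc/neutron/neutron.conf DEFAULT qpid_hostname CloudController
	# Notify Nova about network topology changes.
	# nova_admin_password must be the Keystone password of the nova service user.
	openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
	openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
	openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://CloudController:8774/v2
	openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
	openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
	openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password 123
	openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://CloudController:35357/v2.0
	# Attach Neutron to the ML2 plugin. (Author's note: ML2 uses OVS to build the virtual
	# network, but the controller needs no OVS because in this layout it does not carry VM
	# traffic; the author marks this explanation as unverified.)
	openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
	openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
	# Configure ML2 for GRE tenant networks (the author likens GRE segments to VLANs on a switch)
	openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers gre
	openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
	openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
	openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
	# Security groups are enforced by Neutron through the OVS hybrid iptables driver
	openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
	openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
	# Configure Nova to use Neutron for networking, authenticating through Keystone
	openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
	openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://CloudController:9696
	openstack-config --set /etc/nova/nova.conf DEFAULT neutron_auth_strategy keystone
	openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name service
	openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron
	openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password 123
	openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://CloudController:35357/v2.0
	openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
	# Nova's own firewall driver is a no-op here and security_group_api is handed to Neutron,
	# so packet filtering depends entirely on the securitygroup settings in ml2_conf.ini above
	openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
	# openstack-config --set takes one parameter/value pair; the pair was repeated in the original
	openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
	# Create the plugin.ini symlink to the ML2 configuration
	# (the relative target is resolved from /etc/neutron)
	ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

	# The Nova services are already running, so they must be restarted to pick up the
	# nova.conf changes above; "start" would leave the old configuration in effect
	service openstack-nova-api restart
	service openstack-nova-scheduler restart
	service openstack-nova-conductor restart
	# Start neutron-server now and enable it at boot
	service neutron-server start
	chkconfig neutron-server on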

2016-8更新openstack控制面板安装

# Install the dashboard components
yum install memcached python-memcached mod_wsgi openstack-dashboard
# Edit /etc/openstack-dashboard/local_settings; the ALLOWED_HOSTS and CACHES settings
# below go into that file, they are not shell commands.
# Set ALLOWED_HOSTS so that any host may reach the dashboard.
# '*' turns off Django's Host-header validation; outside a lab, list the names and
# addresses the dashboard is actually served under instead.
ALLOWED_HOSTS = ['*']
# Set the session cache location to 127.0.0.1:11211
# NOTE(review): this only sets where the dashboard connects; confirm that memcached itself
# listens on 127.0.0.1 only, since it has no authentication and holds the session data.
CACHES = {
    'default': {
        'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION' : '127.0.0.1:11211',
    }
}

# Restart the services and enable them at boot
service httpd restart
chkconfig httpd on
service memcached restart
chkconfig memcached on
