学习openstack(二)
OpenStack企业私有云实践
1. 实验架构
OpenStack我们把它当作是一个全新的“Linux”系统来学习,有的时候我们也把OpenStack称之为一个新的Linux系统。
l 部分组件介绍:
Ø RabbitMQè消息队列组件(组件之间的通讯)
Ø Horizonè提供图形界面的组件
Ø KeyStoneè各个组件的注册和验证
Ø Glanceè“镜像”管理组件
Ø MySQLè存储各个组件的数据
2. OpenStack插件服务简介
2.1. Keystone验证服务
ü 用户与认证:用户权限与用户行为跟踪;
ü 服务目录:提供一个服务目录,包括所有服务项与相关Api的端点
2.2. Glance镜像服务
² User:用户
² Tenant:租户
² Token:令牌
² Role:角色
² Service:服务
² Endpoint:端点
2.3. Nova计算服务
Ø API:负责接收和响应外部请求。支持OpenStack API, EC2API。
Ø Cert:负责身份认证。
Ø Scheduler:用于云主机调度。
Ø Conductor:计算节点访问数据的中间件。
Ø Consoleauth:用于控制台的授权验证。
Ø Novncproxy: VNC代理。
Nova Dashboard(nova仪表盘)
Ø 提供一个Web界面操作OpenStack的系统。
Ø 使用Django框架基于OpenStack API开发。
Ø 支持将Session存储在DB、 Memcached。
Ø 支持集群。
Nova scheduler
Nova Scheduler模块在OpenStack中的作用就是决策虚拟机创建在哪个主机(计算节点)上。
决策一个虚拟机应该调度到某物理节点,需要分两个步骤:
1. 过滤(Fliter)
2. 计算权值(Weight)
3. 基础环境准备(统一操作)
3.1. 更改主机名
计算节点:
1
2
3
hostname linux-node1.example.com
vim /etc/sysconfig/network
HOSTNAME=linux-node1.example.com
控制节点:
1
2
3
hostname linux-node2.example.com
vim /etc/sysconfig/network
HOSTNAME=linux-node2.example.com
3.2. 统一更改hosts文件
1
2
3
[root@localhost ~]``# tail -2 /etc/hosts
192.168.1.36 linux-node1.example.com linux-node1
192.168.1.37 linux-node2.example.com linux-node2
退出从新登录:
1
2
[root@linux-node1 ~]``# ping linux-node1
[root@linux-node1 ~]``# ping linux-node2
3.3. 关闭Selinux与Iptables
1
2
3
grep "SELINUX=disabled" /etc/selinux/config
chkconfig iptables off
/etc/init``.d``/iptables stop
3.4. 时间同步
1
2
3
4
/usr/sbin/ntpdate time``.nist.gov
[root@linux-node1 ~]``# crontab -l
#time sync by nick at 2015-3-21
*``/5 * * * * /usr/sbin/ntpdate time``.nist.gov >``/dev/null 2>&1
3.5. 安装epel包
1
2
rpm -ivh
http:``//mirrors``.ustc.edu.cn``/fedora/epel//6/x86_64/epel-release-6-8``.noarch.rpm
4. 安装部署(控制节点操作)
4.1. 安装基础包
1
yum install -y python-pip gcc gcc-c++ make libtool patch automake python-devel libxslt-devel MySQL-python openssl-devel libudev-devel git wget libvirt-python libvirt qemu-kvm gedit python-numdisplay python-eventlet device-mapper bridge-utils libffi-devel libffi
4.2. MySQL安装与配置
4.2.1. Install MySQL
1
yum install mysql-server
4.2.2. Config MySQL
1
2
3
4
5
6
7
8
cp /usr/share/mysql/my-medium``.cnf /etc/my``.cnf
vim /etc/my``.cnf
#在[mysqld]标签下配置
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-``set``-server = utf8
4.2.3. 启动MySQL
1
2
[root@linux-node1 ~]``# /etc/init.d/mysqld start
[root@linux-node1 ~]``# chkconfig mysqld on
4.2.4. Created MySQL database
把所有的库一块创建出来,后面的组件会用到。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
mysql> create database keystone;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on keystone.* to keystone@``' 192.168.1.0/255.255.255.0' identified by 'keystone'``;
Query OK, 0 rows affected (0.00 sec)
mysql> create database glance;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on glance.* to glance@``' 192.168.1.0/255.255.255.0' identified by 'glance'``;
Query OK, 0 rows affected (0.00 sec)
mysql> create database nova;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on nova.* to nova@``' 192.168.1.0/255.255.255.0' identified by 'nova'``;
Query OK, 0 rows affected (0.00 sec)
mysql> create database neutron;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on neutron.* to neutron@``' 192.168.1.0/255.255.255.0' identified by 'neutron'``;
Query OK, 0 rows affected (0.00 sec)
mysql> create database cinder;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on cinder.* to cinder@``' 192.168.1.0/255.255.255.0' identified by 'cinder'``;
Query OK, 0 rows affected (0.00 sec)
mysql>
4.3. RabbitMQ安装与配置
4.3.1. Install rabbitmq
1
yum install rabbitmq-server
4.3.2. Start rabbitmq
1
2
3
4
[root@linux-node1 ~]``# /etc/init.d/rabbitmq-server start
Starting rabbitmq-server: SUCCESS
rabbitmq-server.
[root@linux-node1 ~]``# chkconfig rabbitmq-server on
注意:如果主机名不能解析,会导致启动不了。
4.3.3. 启用rabbitmq自带的web管理插件
1
2
/usr/lib/rabbitmq/bin/rabbitmq-plugins list ##列出rabbitmq当前有哪些插件
/usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management ##启用管理插件
操作过程:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@linux-node1 ~]``# /usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.
#重启rabbitmq
[root@linux-node1 ~]``# /etc/init.d/rabbitmq-server restart
Restarting rabbitmq-server: SUCCESS
rabbitmq-server.
[root@linux-node1 ~]``# netstat -lntup|grep -E "15672|5672"
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 2542``/beam
tcp 0 0 0.0.0.0:55672 0.0.0.0:* LISTEN 2542``/beam
tcp 0 0 :::5672 :::* LISTEN 2542``/beam
rabbitmq监控的端口是5672,web管理端口是15672和55672。
4.3.4. 登录rabbitmq的web管理界面
在浏览器里输入http://192.168.1.36:15672/
用户名:guest
密 码:guest
4.3.5. RabbitMQ的web管理界面
4.4. KeyStone安装与配置
4.4.1. Install keystone
1
2
yum install http:``//repos``.fedorapeople.org``/repos/openstack/openstack-icehouse/rdo-release-icehouse-4``.noarch.rpm
yum install openstack-keystone python-keystoneclient
4.4.2. 创建keystone需要使用的pki令牌
快速执行命令:
1
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
操作过程:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[root@linux-node1 ~]``# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
Generating RSA private key, 2048 bit long modulus
.+++
....................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...............+++
......+++
e is 65537 (0x10001)
Using configuration from /etc/keystone/ssl/certs/openssl``.conf <==默认创建的证书目录
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:``'US'
stateOrProvinceName :ASN.1 12:``'Unset'
localityName :ASN.1 12:``'Unset'
organizationName :ASN.1 12:``'Unset'
commonName :ASN.1 12:``'www.example.com'
Certificate is to be certified until May 16 03:01:29 2025 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
[root@linux-node1 ~]``#
4.4.3. Config ssl permission
上面创建完成之后,默认会生成“/etc/keystone/ssl/”证书目录及证书文件,此时需要设置目录的权限。
快速执行命令:
1
2
chown -R keystone:keystone /etc/keystone/ssl/
chmod -R o-rwx /etc/keystone/ssl/
操作过程:
1
2
[root@linux-node1 ~]``# chown -R keystone:keystone /etc/keystone/ssl/
[root@linux-node1 ~]``# chmod -R o-rwx /etc/keystone/ssl/
4.4.4. 配置keystone的admin_token
Keystone的所有配置都在一个文件里,即:/etc/keystone/keystone.conf
1) 打开配置文件并编辑:
1
2
3
4
vim /etc/keystone/keystone``.conf
[root@linux-node1 ~]``# egrep -n "^[a-z]" /etc/keystone/keystone.conf
13:admin_token=ADMIN
619:connection=mysql:``//keystone``:keystone@192.168.1.36``/keystone
2) 同步数据库
配置keystone之后,需要同步数据库,作用是建立keystone的表结构。
快速执行命令:
1
2
keystone-manage db_sync
mysql -h 192.168.1.36 -u keystone -pkeystone -e "use keystone;show tables;"
操作结果:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[root@linux-node1 ~]``# keystone-manage db_sync ç没返回任何结果则为正常
[root@linux-node1 ~]``# mysql -h 192.168.1.36 -u keystone -pkeystone -e "use keystone;show tables;" <==验证同步的数据库结构表
+-----------------------+
| Tables_in_keystone |
+-----------------------+
| assignment |
| credential |
| domain |
| endpoint |
| group |
| migrate_version |
| policy |
| project |
| region |
| role |
| service |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
+-----------------------+
错误记录:
1
2
[root@linux-node1 ~]``# mysql -h 192.168.1.36 -u keystone -pkeystone -e "use keystone;show tables;"
ERROR 1045 (28000): Access denied for user 'keystone'``@``'linux-node1.example.com' (using password: YES)
如果报以上错误,经过排查后发现是MySQL的keystone用户没有权限所导致,当然上面的数据同步也就不会成功。解决方法可以重新授权keystone用户,如下:
1
grant all on keystone.* to keystone@``'192.168.1.0/255.255.255.0' identified by 'keystone'``;
4.4.5. 配置keystone的Debug及日志功能
1
2
3
4
vim /etc/keystone/keystone``.conf
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/keystone/keystone.conf
374:debug=``true
439:log_file=``/var/log/keystone/keystone``.log
打开debug之后,有什么问题都可以查看debug错误日志,以便后面实验排查解决错误。
ü 赵班长强心针:OpenStack所有问题,基本上都能解决。而且,看日志都能看出来,当在生产环境下的报错,你第一反应应该是看日志,而不是说先把报错发出来,没有用。
4.4.6. Start Keystone
终于到了启动keystone的环节了,继续ing:
1) 启动:
1
2
3
chown -R keystone:keystone /var/log/keystone/``*
/etc/init``.d``/openstack-keystone start
chkconfig openstack-keystone on
2) keystone监听的端口:
1
2
3
[root@linux-node1 ~]``# netstat -lntup|egrep "35357|5000"
tcp 0 0 0.0.0.0:35357 0.0.0.0:* LISTEN 24783``/python
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 24783``/python
3) keystone的三大类命令
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[root@linux-node1 ~]``# keystone --help|grep list
ec2-credentials-list
endpoint-list List configured service endpoints.
role-list List all roles.
service-list List all services in Service Catalog.
tenant-list List all tenants.
user-list List users``.
user-role-list List roles granted to a user.
[root@linux-node1 ~]``# keystone --help|grep create
ec2-credentials-create
endpoint-create Create a new endpoint associated with a service.
role-create Create new role.
service-create Add service to Service Catalog.
tenant-create Create new tenant.
user-create Create new user
[root@linux-node1 ~]``# keystone --help|grep delete
ec2-credentials-delete
endpoint-delete Delete a service endpoint.
role-delete Delete role.
service-delete Delete service from Service Catalog.
tenant-delete Delete tenant.
user-delete Delete user.
[root@linux-node1 ~]``#
Keystone的三大命令,所有操作都是用这三个。
4.4.7. 定义admin_token变量
export OS_SERVICE_TOKEN=ADMIN
export OS_SERVICE_ENDPOINT=http://192.168.1.36:35357/v2.0
操作过程:
1
2
3
4
5
6
7
8
9
10
11
12
[root@linux-node1 ~]``# export OS_SERVICE_TOKEN=ADMIN
[root@linux-node1 ~]``# export OS_SERVICE_ENDPOINT=http://192.168.1.36:35357/v2.0
[root@linux-node1 ~]``# echo $OS_SERVICE_TOKEN
ADMIN
[root@linux-node1 ~]``# echo $OS_SERVICE_ENDPOINT
http:``//192``.168.1.36:35357``/v2``.0
[root@linux-node1 ~]``# keystone role-list
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+----------+
4.4.8. 注册keystone用户
1) 创建一个admin用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@linux-node1 ~]``# keystone user-create --name=admin --pass=admin --email=admin@example.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | admin@example.com |
| enabled | True |
| id | 4a736ea8cf804214b0754afefe8387ee |
| name | admin |
| username | admin |
+----------+----------------------------------+
[root@linux-node1 ~]``# keystone user-list
+----------------------------------+-------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------------------+
| 4a736ea8cf804214b0754afefe8387ee | admin | True | admin@example.com |
+----------------------------------+-------+---------+-------------------+
a) 创建一个admin角色
1
2
3
4
5
6
7
[root@linux-node1 ~]``# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | f26d339da9a1468a89b35c49adecd777 |
| name | admin |
+----------+----------------------------------+
b) 创建一个admin租户
1
2
3
4
5
6
7
8
9
[root@linux-node1 ~]``# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 707f2d26cdd5477ea66ede0b5c216c23 |
| name | admin |
+-------------+----------------------------------+
c) 添加用户角色并建立关系
1
2
3
4
5
6
7
8
9
[root@linux-node1 ~]``# keystone user-role-add --user=admin --tenant=admin --role=admin
[root@linux-node1 ~]``# keystone user-role-add --user=admin --role=_member_ --tenant=admin
[root@linux-node1 ~]``# keystone role-list
+----------------------------------+----------+
| id | name |
+----------------------------------+----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| f26d339da9a1468a89b35c49adecd777 | admin |
+----------------------------------+----------+
2) 创建一个demo用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@linux-node1 ~]``# keystone user-create --name=demo --pass=demo
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 944ecced065d45f58b11c63097fc21ba |
| name | demo |
| username | demo |
+----------+----------------------------------+
[root@linux-node1 ~]``# keystone user-list
+----------------------------------+-------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------------------+
| 4a736ea8cf804214b0754afefe8387ee | admin | True | admin@example.com |
| 944ecced065d45f58b11c63097fc21ba | demo | True | |
+----------------------------------+-------+---------+-------------------+
a) 创建一个demo租户
1
2
3
4
5
6
7
8
9
[root@linux-node1 ~]``# keystone tenant-create --name=demo --description="demo Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | demo Tenant |
| enabled | True |
| id | c4015c47e46f4b30bf68a6f39061ace3 |
| name | demo |
+-------------+----------------------------------+
b) 建立关系
1
[root@linux-node1 ~]``# keystone user-role-add --user=demo --role=_member_ --tenant=demo
3) 创建一个service用户
1
2
3
4
5
6
7
8
9
[root@linux-node1 ~]``# keystone tenant-create --name=service
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 628660545a044ac4ac5c1a16ca7f4a2c |
| name | service |
+-------------+----------------------------------+
a) 创建service和endpoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
[root@linux-node1 ~]``# keystone service-create --name=keystone --type=identity
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | c84682b33e384a79814b1da93097616c |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@linux-node1 ~]``# keystone service-list
+----------------------------------+----------+----------+-------------+
| id | name | type | description |
+----------------------------------+----------+----------+-------------+
| c84682b33e384a79814b1da93097616c | keystone | identity | |
+----------------------------------+----------+----------+-------------+
[root@linux-node1 ~]``# keystone endpoint-create
> --service-``id``=$(keystone service-list | awk '/ identity / {print $2}'``)
> --publicurl=http:``//192``.168.1.36:5000``/v2``.0
> --internalurl=http:``//192``.168.1.36:5000``/v2``.0
> --adminurl=http:``//192``.168.1.36:35357``/v2``.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http:``//192``.168.1.36:35357``/v2``.0 |
| id | 0c919098a9ef48f8ac1880ba1c04c2c5 |
| internalurl | http:``//192``.168.1.36:5000``/v2``.0 |
| publicurl | http:``//192``.168.1.36:5000``/v2``.0 |
| region | regionOne |
| service_id | c84682b33e384a79814b1da93097616c |
+-------------+----------------------------------+
[root@linux-node1 ~]``# keystone endpoint-list 在数据库里查到的结果
+----------------------------------+-----------+-------------------------------+-------------------------------+--------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------+-------------------------------+--------------------------------+----------------------------------+
| 0c919098a9ef48f8ac1880ba1c04c2c5 | regionOne | http:``//192``.168.1.36:5000``/v2``.0 | http:``//192``.168.1.36:5000``/v2``.0 | http:``//192``.168.1.36:35357``/v2``.0 | c84682b33e384a79814b1da93097616c |
+----------------------------------+-----------+-------------------------------+-------------------------------+--------------------------------+----------------------------------+
[root@linux-node1 ~]``# unset OS_SERVICE_TOKEN 一定要取消这两个变量
[root@linux-node1 ~]``# unset OS_SERVICE_ENDPOINT
[root@linux-node1 ~]``# keystone --os-username=admin --os-password=admin --os-tenant-name=admin --os-auth-url=http://192.168.1.36:35357/v2.0 token-get
+-----------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
···输出略过···
4.4.9. 建立keystone环境变量文件(方便以后使用)
1) 建立admin的环境变量
1
2
3
4
5
6
7
8
[root@linux-node1 ~]``# cd
[root@linux-node1 ~]``# vim keystone-admin
[root@linux-node1 ~]``# cat keystone-admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http:``//192``.168.1.36:35357``/v2``.0
[root@linux-node1 ~]``# source keystone-admin
2) 建立demo的环境变量
1
2
3
4
5
6
7
[root@linux-node1 ~]``# vim keystone-demo
[root@linux-node1 ~]``# cat keystone-demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http:``//192``.168.1.36:35357``/v2``.0
[root@linux-node1 ~]``# source keystone-demo
4.5. Glance安装与配置
n Glance是OpenStack中的一个镜像服务,主要作用是提供虚拟机的虚拟镜像注册、查询、存储的功能。
n Glance由三个部分组成,分别为:glance-api、glance-registry以及image store。
4.5.1. Install Glance
1
yum install openstack-glance python-glanceclient python-crypto
4.5.2. Config Glance
Glance的默认配置路径在“/etc/glance/”目录下:
1
2
3
4
5
[root@linux-node1 ~]``# cd /etc/glance/
[root@linux-node1 glance]``# ls
glance-api.conf glance-registry.conf policy.json
glance-cache.conf glance-scrubber.conf schema-image.json
#只需要配置标记的两个文件
1) 更改的配置:
1
2
3
4
5
6
7
8
[root@linux-node1 glance]``# egrep -n '^[a-z]' glance-api.conf
6:debug=``true
43:log_file=``/var/log/glance/api``.log
564:connection=mysql:``//glance``:glance@192.168.1.36``/glance
[root@linux-node1 glance]``# egrep -n '^[a-z]' glance-registry.conf
6:debug=``true
19:log_file=``/var/log/glance/registry``.log
94:connection=mysql:``//glance``:glance@192.168.1.36``/glance
2) 同步数据库
1
2
3
4
[root@linux-node1 glance]``# glance-manage db_sync ç执行的时候会有5秒左右的延时
/usr/lib64/python2``.6``/site-packages/Crypto/Util/number``.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn(``"Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability."``, PowmInsecureWarning) ç这个是警告,不过没关系。
[root@linux-node1 glance]``#
3) 验证同步的数据表结构:
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@linux-node1 glance]``# mysql -h 192.168.1.36 -u glance -pglance -e"use glance;show tables;"
+------------------+
| Tables_in_glance |
+------------------+
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| migrate_version |
| task_info |
| tasks |
+------------------+
4.5.3. 配置Glance的RabbitMQ
1) 修改glance-api.conf文件
1
2
3
4
5
6
7
8
9
10
11
[root@linux-node1 glance]``# egrep -n '^[a-z]' glance-api.conf
232:notifier_strategy = rabbit
242:rabbit_host=192.168.1.36
243:rabbit_port=5672
244:rabbit_use_ssl=``false
245:rabbit_userid=guest
246:rabbit_password=guest
247:rabbit_virtual_host=/
248:rabbit_notification_exchange=glance
249:rabbit_notification_topic=notifications
250:rabbit_durable_queues=False
2) Glance连接到keystone进行认证
Glance需要连接keystone来进行用户验证,才能对用户提供服务
操作过程:
a) 在keystone里创建Glance用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@linux-node1 ~]``# source keystone-admin ç在执行keystone之前首先应该加载环境变量
[root@linux-node1 ~]``# keystone user-create --name=glance --pass=glance
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 91c734899d21406582a5e901973c6110 |
| name | glance |
| username | glance |
+----------+----------------------------------+
[root@linux-node1 ~]``# keystone user-list
+----------------------------------+--------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+--------+---------+-------------------+
| 4a736ea8cf804214b0754afefe8387ee | admin | True | admin@example.com |
| 944ecced065d45f58b11c63097fc21ba | demo | True | |
| 91c734899d21406582a5e901973c6110 | glance | True | |
+----------------------------------+--------+---------+-------------------+
b) 建立关系
1
[root@linux-node1 ~]``# keystone user-role-add --user=glance --tenant=service --role=admin
4.5.4. 配置Glance的Keystone
1) 修改glance-api.conf文件
[root@linux-node1 ~]# egrep -n "^[a-z]" /etc/glance/glance-api.conf
1
2
3
4
5
6
7
645:auth_host=192.168.1.36
646:auth_port=35357
647:auth_protocol=http
648:admin_tenant_name=service
649:admin_user=glance
650:admin_password=glance
660:flavor=keystone
2) 修改glance-registry.conf文件(注册服务文件也需要更改keystone的认证)
1
2
3
4
5
6
7
8
[root@linux-node1 ~]``# egrep -n "^[a-z]" /etc/glance/glance-registry.conf
175:auth_host=192.168.1.36
176:auth_port=35357
177:auth_protocol=http
178:admin_tenant_name=service
179:admin_user=glance
180:admin_password=glance
190:flavor=keystone
3) 创建service和endpoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[root@linux-node1 ~]``# keystone service-create --name=glance --type=image
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | a6242bf6e26e4f0c9ae1c8aeb9c4ce7f |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@linux-node1 ~]``# keystone service-list
+----------------------------------+----------+----------+-------------+
| id | name | type | description |
+----------------------------------+----------+----------+-------------+
| a6242bf6e26e4f0c9ae1c8aeb9c4ce7f | glance | image | |
| c84682b33e384a79814b1da93097616c | keystone | identity | |
+----------------------------------+----------+----------+-------------+
[root@linux-node1 ~]``# keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://192.168.1.36:9292 --internalurl=http://192.168.1.36:9292 --adminurl=http://192.168.1.36:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http:``//192``.168.1.36:9292 |
| id | 90762415c63d4d56aa7e9d30054c20c2 |
| internalurl | http:``//192``.168.1.36:9292 |
| publicurl | http:``//192``.168.1.36:9292 |
| region | regionOne |
| service_id | a6242bf6e26e4f0c9ae1c8aeb9c4ce7f |
+-------------+----------------------------------+
[root@linux-node1 ~]``# keystone endpoint-list
+----------------------------------+-----------+-------------------------------+-------------------------------+--------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------+-------------------------------+--------------------------------+----------------------------------+
| 0c919098a9ef48f8ac1880ba1c04c2c5 | regionOne | http:``//192``.168.1.36:5000``/v2``.0 | http:``//192``.168.1.36:5000``/v2``.0 | http:``//192``.168.1.36:35357``/v2``.0 | c84682b33e384a79814b1da93097616c |
| 90762415c63d4d56aa7e9d30054c20c2 | regionOne | http:``//192``.168.1.36:9292 | http:``//192``.168.1.36:9292 | http:``//192``.168.1.36:9292 | a6242bf6e26e4f0c9ae1c8aeb9c4ce7f |
+----------------------------------+-----------+-------------------------------+-------------------------------+--------------------------------+----------------------------------+
4.5.5. 更改日志属主
1
2
[root@linux-node1 ~]``# cd /var/log/glance/
[root@linux-node1 glance]``# chown -R glance:glance api.log
4.5.6. Start Glance
1
2
3
4
[root@linux-node1 glance]``# /etc/init.d/openstack-glance-api start
[root@linux-node1 glance]``# /etc/init.d/openstack-glance-registry start
[root@linux-node1 glance]``# chkconfig openstack-glance-api on
[root@linux-node1 glance]``# chkconfig openstack-glance-registry on
查看端口:
1
2
3
4
5
[root@linux-node1 glance]``# netstat -lntup|egrep '9191|9292'
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 29919``/python
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 29898``/python
#glance-api:9191端口
#glance-registry:9292端口
查看glance镜像:(glance才刚启动,所以下面没有镜像,但是能看到,说明启动正常)
1
2
3
4
5
6
[root@linux-node1 glance]``# glance image-list
+----+------+-------------+------------------+------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+----+------+-------------+------------------+------+--------+
+----+------+-------------+------------------+------+--------+
[root@linux-node1 glance]``#
4.5.7. 下载镜像并注册
1
2
3
wget http:``//download``.cirros-cloud.net``/0``.3.2``/cirros-0``.3.2-x86_64-disk.img
glance image-create --name "cirros-0.3.2-x86_64" --disk-``format qcow2 --container-``format bare --is-public True --``file cirros-0.3.2-x86_64-disk.img
glance image-list
操作过程:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[root@linux-node1 ~]``# wget http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
[root@linux-node1 ~]``# glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --file cirros-0.3.2-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 64d7c1cd2b6f60c92c14662941cb7913 |
| container_format | bare |
| created_at | 2015-05-20T02:41:14 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | 879aa6c1-15f2-4c85-85f6-c5822ba9a3c0 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.2-x86_64 |
| owner | 707f2d26cdd5477ea66ede0b5c216c23 |
| protected | False |
| size | 13167616 |
| status | active |
| updated_at | 2015-05-20T02:41:15 |
| virtual_size | None |
+------------------+--------------------------------------+
[root@linux-node1 ~]``# glance image-list
+--------+---------------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------+---------------------+-------------+------------------+----------+--------+
| 879aa6c1-15f2-4c85-85f6-c5822ba9a3c0 | cirros-0.3.2-x86_64 | qcow2 | bare | 13167616 | active |
+--------+---------------------+-------------+------------------+----------+--------+
[root@linux-node1 ~]``#
4.6. Nova安装与配置
4.6.1. Install Nova
1
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
4.6.2. Config Nova
Nova的默认配置路径在“/etc/nova/”目录下:
1
2
3
[root@linux-node1 ~]``# cd /etc/nova/
[root@linux-node1 nova]``# ls
api-``paste``.ini nova.conf policy.json release rootwrap.conf
4) 更改的配置:
1
2
[root@linux-node1 nova]``# egrep -n '^[a-z]' nova.conf
2475:connection=mysql:``//nova``:nova@192.168.1.36``/nova
5) 同步数据库
1
[root@linux-node1 nova]``# nova-manage db sync
6) 验证同步的数据表结构:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
[root@linux-node1 nova]``# mysql -h 192.168.1.36 -u nova -pnova -e"use nova;show tables;"
+--------------------------------------------+
| Tables_in_nova |
+--------------------------------------------+
| agent_builds |
| aggregate_hosts |
| aggregate_metadata |
| aggregates |
| block_device_mapping |
| bw_usage_cache |
| cells |
| certificates |
| compute_nodes |
| console_pools |
| consoles |
| dns_domains |
| fixed_ips |
| floating_ips |
| instance_actions |
| instance_actions_events |
| instance_faults |
| instance_group_member |
| instance_group_metadata |
| instance_group_policy |
| instance_groups |
| instance_id_mappings |
| instance_info_caches |
| instance_metadata |
| instance_system_metadata |
| instance_type_extra_specs |
| instance_type_projects |
| instance_types |
| instances |
| iscsi_targets |
| key_pairs |
| migrate_version |
| migrations |
| networks |
| pci_devices |
| project_user_quotas |
| provider_fw_rules |
| quota_classes |
| quota_usages |
| quotas |
| reservations |
| s3_images |
| security_group_default_rules |
| security_group_instance_association |
| security_group_rules |
| security_groups |
| services |
| shadow_agent_builds |
| shadow_aggregate_hosts |
| shadow_aggregate_metadata |
| shadow_aggregates |
| shadow_block_device_mapping |
| shadow_bw_usage_cache |
| shadow_cells |
| shadow_certificates |
| shadow_compute_nodes |
| shadow_console_pools |
| shadow_consoles |
| shadow_dns_domains |
| shadow_fixed_ips |
| shadow_floating_ips |
| shadow_instance_actions |
| shadow_instance_actions_events |
| shadow_instance_faults |
| shadow_instance_group_member |
| shadow_instance_group_metadata |
| shadow_instance_group_policy |
| shadow_instance_groups |
| shadow_instance_id_mappings |
| shadow_instance_info_caches |
| shadow_instance_metadata |
| shadow_instance_system_metadata |
| shadow_instance_type_extra_specs |
| shadow_instance_type_projects |
| shadow_instance_types |
| shadow_instances |
| shadow_iscsi_targets |
| shadow_key_pairs |
| shadow_migrate_version |
| shadow_migrations |
| shadow_networks |
| shadow_pci_devices |
| shadow_project_user_quotas |
| shadow_provider_fw_rules |
| shadow_quota_classes |
| shadow_quota_usages |
| shadow_quotas |
| shadow_reservations |
| shadow_s3_images |
| shadow_security_group_default_rules |
| shadow_security_group_instance_association |
| shadow_security_group_rules |
| shadow_security_groups |
| shadow_services |
| shadow_snapshot_id_mappings |
| shadow_snapshots |
| shadow_task_log |
| shadow_virtual_interfaces |
| shadow_volume_id_mappings |
| shadow_volume_usage_cache |
| shadow_volumes |
| snapshot_id_mappings |
| snapshots |
| task_log |
| virtual_interfaces |
| volume_id_mappings |
| volume_usage_cache |
| volumes |
+--------------------------------------------+
[root@linux-node1 nova]``#
4.6.3. Nova配置RabbitMQ
1
2
3
4
5
6
7
[root@linux-node1 nova]``# egrep -n '^[a-z]' nova.conf
79:rabbit_host=192.168.1.36
83:rabbit_port=5672
89:rabbit_use_ssl=``false
92:rabbit_userid=guest
95:rabbit_password=guest
189:rpc_backend=rabbit
4.6.4. Nova配置Keystone
1) 添加Nova用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
[root@linux-node1 nova]``# cd
[root@linux-node1 ~]``# source keystone-admin
[root@linux-node1 ~]``# keystone user-create --name=nova --pass=nova
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 770c6373a97a43429dcded8fc505e463 |
| name | nova |
| username | nova |
+----------+----------------------------------+
[root@linux-node1 ~]``# keystone user-role-add --user=nova --tenant=service --role=admin
[root@linux-node1 ~]``# keystone user-list
+----------------------------------+--------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+--------+---------+-------------------+
| 4a736ea8cf804214b0754afefe8387ee | admin | True | admin@example.com |
| 944ecced065d45f58b11c63097fc21ba | demo | True | |
| 91c734899d21406582a5e901973c6110 | glance | True | |
| 770c6373a97a43429dcded8fc505e463 | nova | True | |
+----------------------------------+--------+---------+-------------------+
[root@linux-node1 nova]``# egrep -n '^[a-z]' nova.conf
544:auth_strategy=keystone
2687:auth_host=192.168.1.36
2690:auth_port=35357
2694:auth_protocol=http
2697:auth_uri=http:``//192``.168.1.36:5000
2701:auth_version=v2.0
2728:admin_user=nova
2731:admin_password=nova
2735:admin_tenant_name=service
4.6.5. Nova配置Glance
1
2
3
[root@linux-node1 nova]``# egrep -n '^[a-z]' nova.conf
253:my_ip=192.168.1.36
1129:glance_host=$my_ip
4.6.6. Nova自身配置
1
2
3
4
5
6
7
8
9
10
[root@linux-node1 nova]``# egrep -n '^[a-z]' nova.conf
302:state_path=``/var/lib/nova
885:instances_path=$state_path``/instances
1576:lock_path=``/var/lib/nova/tmp
1951:compute_driver=libvirt.LibvirtDriver
2036:novncproxy_base_url=http:``//192``.168.1.36:6080``/vnc_auto``.html
2044:vncserver_listen=0.0.0.0
2048:vncserver_proxyclient_address=192.168.1.36
2051:vnc_enabled=``true
2054:vnc_keymap=en-us
4.6.7. Nova更改的全部配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@linux-node1 nova]``# egrep -n '^[a-z]' nova.conf
79:rabbit_host=192.168.1.36
83:rabbit_port=5672
89:rabbit_use_ssl=``false
92:rabbit_userid=guest
95:rabbit_password=guest
189:rpc_backend=rabbit
253:my_ip=192.168.1.36
302:state_path=``/var/lib/nova
544:auth_strategy=keystone
885:instances_path=$state_path``/instances
1129:glance_host=$my_ip
1576:lock_path=``/var/lib/nova/tmp
1951:compute_driver=libvirt.LibvirtDriver
2036:novncproxy_base_url=http:``//192``.168.1.36:6080``/vnc_auto``.html
2044:vncserver_listen=0.0.0.0
2048:vncserver_proxyclient_address=192.168.1.36
2051:vnc_enabled=``true
2054:vnc_keymap=en-us
2475:connection=mysql:``//nova``:nova@192.168.1.36``/nova
2687:auth_host=192.168.1.36
2690:auth_port=35357
2694:auth_protocol=http
2697:auth_uri=http:``//192``.168.1.36:5000
2701:auth_version=v2.0
2728:admin_user=nova
2731:admin_password=nova
2735:admin_tenant_name=service
4.6.8. 创建service和endpoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[root@linux-node1 nova]``# keystone service-create --name=nova --type=compute
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 8a4f956ed2864d839952dfc132a3d296 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@linux-node1 nova]``# keystone endpoint-create --service-id=$(keystone service-list| awk ' / compute / {print $2}') --publicurl=http://192.168.1.36:8774/v2/%(tenant_id)s --internalurl=http://192.168.1.36:8774/v2/%(tenant_id)s --adminurl=http://192.168.1.36:8774/v2/%(tenant_id)s
+-------------+-------------------------------------------+
| Property | Value |
+-------------+-------------------------------------------+
| adminurl | http:``//192``.168.1.36:8774``/v2/``%(tenant_id)s |
| id | 97a0b3212b5a468dbe1828596b2566bc |
| internalurl | http:``//192``.168.1.36:8774``/v2/``%(tenant_id)s |
| publicurl | http:``//192``.168.1.36:8774``/v2/``%(tenant_id)s |
| region | regionOne |
| service_id | 8a4f956ed2864d839952dfc132a3d296 |
+-------------+-------------------------------------------+
4.6.9. Start Nova
1
2
3
4
#启动
for i in {api,cert,conductor,consoleauth,novncproxy,scheduler};``do service openstack-nova-``"$i" start;``done
#加入开机自启动
for i in {api,cert,conductor,consoleauth,novncproxy,scheduler};``do chkconfig openstack-nova-``"$i" on;``done
4.6.10. Nova-list
1
2
3
4
5
6
7
8
9
[root@linux-node1 ~]``# nova host-list
+-------------------------+-------------+----------+
| host_name | service | zone |
+-------------------------+-------------+----------+
| linux-node1.example.com | conductor | internal |
| linux-node1.example.com | cert | internal |
| linux-node1.example.com | consoleauth | internal |
| linux-node1.example.com | scheduler | internal |
+-------------------------+-------------+----------+
到此,“控制节点”部分组件安装及配置部署完毕,接下来对“计算节点”进行配置。
4.7. Nova安装与配置(计算节点操作)
4.7.1. Nova-Compute 介绍
l Nova-compute 一般运行在计算节点上,通过Message Queue接管并管理VM的生命周期
l Nova-compute 通过Libvirt管理KVM,通过XenAPI管理Xen等。
4.7.2. Install Nova-compute
!!注意!!再次确认,以下步骤将是在“计算节点”上操作!
1
2
yum install -y http:``//repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm
yum install -y qemu-kvm libvirt openstack-nova-compute python-novaclient
查看系统是否支持KVM硬件虚拟化
1
2
[root@linux-node2 ~]``# egrep -c '(vmx|svm)' /proc/cpuinfo
1
4.7.3. Config Nova
1) 控制节点推送配置文件到计算节点
注意:需要到控制节点推送配置文件到计算节点,具体操作如下:
!!在控制节点(node1)节点上推送!!
1
2
3
4
5
6
7
[root@linux-node1 ~]``# scp /etc/nova/nova.conf 192.168.1.37:/etc/nova/
The authenticity of host '192.168.1.37 (192.168.1.37)' can't be established.
RSA key fingerprint is ec:67:00:b2:b9:2e:68:cc:1d:d7:9c:ac:b3:28:ed:24.
Are you sure you want to continue connecting (``yes``/no``)? yes
Warning: Permanently added '192.168.1.37' (RSA) to the list of known hosts.
root@192.168.1.37's password:
nova.conf 100% 97KB 96.8KB``/s 00:00
2) 更改配置
Nova的很多配置都在控制节点上完成了,控制节点把文件推送到计算节点后,只需要更改以下内容即可:
1
2
[root@linux-node2 ~]``# egrep -n "^[a-z]" /etc/nova/nova.conf
2048:vncserver_proxyclient_address=192.168.1.37 ç改成计算节点的IP地址
4.7.4. Start Nova
1
2
3
4
5
6
[root@linux-node2 ~]``# /etc/init.d/libvirtd start
[root@linux-node2 ~]``# /etc/init.d/messagebus start
[root@linux-node2 ~]``# /etc/init.d/openstack-nova-compute start
[root@linux-node2 ~]``# chkconfig openstack-nova-compute on
[root@linux-node2 ~]``# chkconfig libvirtd on
[root@linux-node2 ~]``# chkconfig messagebus on
在控制节点上查看Nova的配置是否生效
1
2
3
4
5
6
7
8
9
10
[root@linux-node1 ~]``# nova host-list
+-------------------------+-------------+----------+
| host_name | service | zone |
+-------------------------+-------------+----------+
| linux-node1.example.com | conductor | internal |
| linux-node1.example.com | cert | internal |
| linux-node1.example.com | consoleauth | internal |
| linux-node1.example.com | scheduler | internal |
| linux-node2.example.com | compute | nova |
+-------------------------+-------------+----------+
4.8. Neutron安装与配置
4.8.1. Install Neutron
温馨提示:这是在控制节点上操作哦!
1
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge
4.8.2. 配置neutron.conf文件
1) Neutron基础配置
1
2
3
4
5
6
7
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/neutron/neutron.conf
6:debug = true
10:state_path = /var/lib/neutron
13:lock_path = $state_path``/lock
53:core_plugin = ml2
62 service_plugins = router,firewall,lbaas
385:root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap``.conf
2) Neutron配置MySQL
1
2
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/neutron/neutron.conf
405:connection = mysql:``//neutron``:neutron@192.168.1.36:3306``/neutron
a) 创建Neutron的用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
[root@linux-node1 ~]``# source keystone-admin
[root@linux-node1 ~]``# keystone user-create --name neutron --pass neutron
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | bc6d613504f14d4c8ad7e6c8bae668ac |
| name | neutron |
| username | neutron |
+----------+----------------------------------+
[root@linux-node1 ~]``# keystone user-list
+----------------------------------+---------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+---------+---------+-------------------+
| 4a736ea8cf804214b0754afefe8387ee | admin | True | admin@example.com |
| 944ecced065d45f58b11c63097fc21ba | demo | True | |
| 91c734899d21406582a5e901973c6110 | glance | True | |
| bc6d613504f14d4c8ad7e6c8bae668ac | neutron | True | |
| 770c6373a97a43429dcded8fc505e463 | nova | True | |
+----------------------------------+---------+---------+-------------------+
[root@linux-node1 ~]``# keystone user-role-add --user neutron --tenant service --role admin
3) Neutron配置Keystone
1
2
3
4
5
6
7
8
9
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/neutron/neutron.conf
66:api_paste_config = /usr/share/neutron/api-paste``.ini
70:auth_strategy = keystone
395:auth_host = 192.168.1.36
396:auth_port = 35357
397:auth_protocol = http
398:admin_tenant_name = service
399:admin_user = neutron
400:admin_password = neutron
4) Neutron配置RabbitMQ
1
2
3
4
5
6
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/neutron/neutron.conf
134:rabbit_host = 192.168.1.36
136:rabbit_password = guest
138:rabbit_port = 5672
143:rabbit_userid = guest
145:rabbit_virtual_host = /
5) Neutron配置Nova
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/neutron/neutron.conf
299:notify_nova_on_port_status_changes = true
303:notify_nova_on_port_data_changes = true
306:nova_url = http:``//192``.168.1.36:8774``/v2
312:nova_admin_username = nova
315:nova_admin_tenant_id = 628660545a044ac4ac5c1a16ca7f4a2c
318:nova_admin_password = nova
321:nova_admin_auth_url = http:``//192``.168.1.36:35357``/v2``.0
+--------------------------------------+
#注释:315行id的由来:
[root@linux-node1 ~]``# keystone tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 707f2d26cdd5477ea66ede0b5c216c23 | admin | True |
| c4015c47e46f4b30bf68a6f39061ace3 | demo | True |
| 628660545a044ac4ac5c1a16ca7f4a2c | service | True |
+----------------------------------+---------+---------+
#就是service的ID号码,填写到nova_admin_tenant_id即可。
4.8.3. 配置ml2文件
1
2
3
4
5
6
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/neutron/plugins/ml2/ml2_conf.ini
5:type_drivers = flat,vlan,gre,vxlan
12:tenant_network_types = flat,vlan,gre,vxlan
17:mechanism_drivers = linuxbridge,openvswitch
29:flat_networks = physnet1
62:enable_security_group = True
4.8.4. 配置linuxbridge文件
1
2
3
4
5
[root@linux-node1 ~]``# egrep -n '^[a-z]' /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
20:network_vlan_ranges = physnet1
31:physical_interface_mappings = physnet1:eth0
74:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
79:enable_security_group = True
4.8.5. Nova服务配置Neutron
1) 没错,就是在Nova上面配置Neutron!
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@linux-node1 ~]``# vim /etc/nova/nova.conf
1200 network_api_class=nova.network.neutronv2.api.API
1321 linuxnet_interface_driver=nova.network.linux_net.LinuxBridgeInterfaceDriver
1466 neutron_url=http:``//192``.168.1.36:9696
1474 neutron_admin_username=neutron
1478 neutron_admin_password=neutron
1482 neutron_admin_tenant_id=628660545a044ac4ac5c1a16ca7f4a2c
1488 neutron_admin_tenant_name=service
1496 neutron_admin_auth_url=http:``//192``.168.1.36:5000``/v2``.0
1503 neutron_auth_strategy=keystone
1536 security_group_api=neutron
1982 firewall_driver=nova.virt.libvirt.firewall.NoopFirewallDriver
2872 vif_driver=nova.virt.libvirt.vif.NeutronLinuxBridgeVIFDriver
2) 将配置文件推送到计算节点
1
2
3
4
5
[root@linux-node1 ~]``# scp /etc/nova/nova.conf 192.168.1.37:/etc/nova/
#此时,需要去“计算节点”上更改一下参数即可:
vncserver_proxyclient_address=192.168.1.37 ç改成计算节点的IP地址
#在node2上重启openstack-nova-compute
[root@linux-node2 ~]``# /etc/init.d/openstack-nova-compute restart
3) 重启Nova服务
1
[root@linux-node1 ~]``# for i in {api,conductor,scheduler}; do service openstack-nova-"$i" restart;done
4.8.6. 创建service和endpoint
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[root@linux-node1 ~]``# keystone service-create --name neutron --type network
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 9588d468d7e044dc88a23cf39fef17f1 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@linux-node1 ~]``# keystone endpoint-create --service-id=$(keystone service-list | awk '/ network / {print $2}') --publicurl=http://192.168.1.36:9696 --internalurl=http://192.168.1.36:9696 --adminurl=http://192.168.1.36:9696
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http:``//192``.168.1.36:9696 |
| id | 0ff9f7f415f04491adde0b1dc4080b15 |
| internalurl | http:``//192``.168.1.36:9696 |
| publicurl | http:``//192``.168.1.36:9696 |
| region | regionOne |
| service_id | 9588d468d7e044dc88a23cf39fef17f1 |
+-------------+----------------------------------+
4.8.7. Neutron试启动
1
2
3
4
5
6
[root@linux-node1 ~]``# neutron-server --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini --config-file=/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
···中间信息略过···
2015-05-20 20:33:36.242 53514 INFO neutron.service [-] Neutron service started, listening on 0.0.0.0:9696
2015-05-20 20:33:36.252 53514 INFO neutron.openstack.common.rpc.common [-] Connected to AMQP server on 192.168.1.36:5672
2015-05-20 20:33:36.256 53514 INFO neutron.wsgi [-] (53514) wsgi starting up on http:``//0``.0.0.0:9696/
#看到最后监听的端口则说明能启动成功!
4.8.8. 修改Neutron启动脚本
1) 修改neutron-server启动脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@linux-node1 ~]``# vim /etc/init.d/neutron-server
#15-17行
configs=(
"/usr/share/$prog/$prog-dist.conf"
"/etc/$prog/$prog.conf"
"/etc/$prog/plugin.ini"
#由上面更改为下面的类容:
"/etc/neutron/neutron.conf"
"/etc/neutron/plugins/ml2/ml2_conf.ini"
"/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini"
)
更改后的结果应该是:
configs=(
"/etc/neutron/neutron.conf"
"/etc/neutron/plugins/ml2/ml2_conf.ini"
"/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini"
)
2) 修改neutron-linuxbridge-agent启动脚本
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#16-18行
configs=(
"/usr/share/$prog/$prog-dist.conf"
"/etc/$prog/$prog.conf"
"/etc/$prog/plugin.ini"
#由上面更改为下面的类容:
"/etc/neutron/neutron.conf"
"/etc/neutron/plugins/ml2/ml2_conf.ini"
"/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini"
)
更改后的结果应该是:
configs=(
"/etc/neutron/neutron.conf"
"/etc/neutron/plugins/ml2/ml2_conf.ini"
"/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini"
)
4.8.9. 启动Nova服务
1
2
3
4
5
6
7
[root@linux-node1 ~]``# /etc/init.d/neutron-server start
[root@linux-node1 ~]``# /etc/init.d/neutron-linuxbridge-agent start
[root@linux-node1 ~]``# chkconfig neutron-server on
[root@linux-node1 ~]``# chkconfig neutron-linuxbridge-agent on
查看端口
[root@linux-node1 ~]``# netstat -lntup|grep 9696
tcp 0 0 0.0.0.0:9696 0.0.0.0:* LISTEN 53850``/python
查看Neutron-list
1
2
3
4
5
6
[root@linux-node1 ~]``# neutron agent-list
+--------+--------------------+-------------------------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+--------+--------------------+-------------------------+-------+----------------+
| 6300bfdb-f315-4fcd-a92b-cd979ead793e | Linux bridge agent | linux-node1.example.com | <img draggable=``"false" class=``"emoji" alt=``"``c=``"https://s.w.org/images/core/emoji/11/svg/1f642.svg"``> | True |
+--------+--------------------+-------------------------+-------+----------------+
4.9. Neutron安装与配置(计算节点操作)
4.9.1. Install Neutron
1
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient openstack-neutron-linuxbridge
4.9.2. 复制控制节点的Neutron配置文件
温馨提示:此项需到“控制节点”上操作!
1
2
3
4
scp /etc/neutron/neutron``.conf 192.168.1.37:``/etc/neutron/
scp /etc/neutron/plugins/ml2/ml2_conf``.ini 192.168.1.37:``/etc/neutron/plugins/ml2/
scp /etc/neutron/plugins/linuxbridge/linuxbridge_conf``.ini 192.168.1.37:``/etc/neutron/plugins/linuxbridge/
scp /etc/init``.d``/neutron-``* 192.168.1.37:``/etc/init``.d/
4.9.3. 启动Neutron服务
计算节点只需要启动neutron-linuxbridge-agent即可
1
2
[root@linux-node2 ~]``# /etc/init.d/neutron-linuxbridge-agent start
[root@linux-node2 ~]``# chkconfig neutron-linuxbridge-agent on
到控制节点查看
1
2
3
4
5
6
7
[root@linux-node1 ~]``# neutron agent-list
+-----+--------------------+-------------------------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+-----+--------------------+-------------------------+-------+----------------+
| 6300bfdb-f315-4fcd-a92b-cd979ead793e | Linux bridge agent | linux-node1.example.com | <img draggable=``"false" class=``"emoji" alt=``"" src=``"https://s.w.org/images/core/emoji/11/svg/1f642.svg"``> | True |
| d45ca3a8-cca5-4bc0-9d6b-4a3519384fa6 | Linux bridge agent | linux-node2.example.com | <img draggable=``"false" class=``"emoji" alt=``"" src=``"https://s.w.org/images/core/emoji/11/svg/1f642.svg"``> | True |
+------+--------------------+-------------------------+-------+----------------+
4.10. Horizon安装与配置
4.10.1. 安装dashboard等软件
1
yum install -y httpd mod_wsgi memcached python-memcached openstack-dashboard
4.10.2. 启动memcache
1
2
[root@linux-node1 ~]``# /etc/init.d/memcached start
[root@linux-node1 ~]``# chkconfig memcached on
4.10.3. 配置dashboard
1
2
3
4
5
6
7
8
9
10
11
12
[root@linux-node1 ~]``# vim /etc/openstack-dashboard/local_settings
1、打开memcache,默认是关闭状态只需把前面注释取消掉即可
98 CACHES = {
99 'default'``: {
100 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache'``,
101 'LOCATION' : '127.0.0.1:11211'``,
102 }
103 }
2、更改Keystone的地址
128 OPENSTACK_HOST = "192.168.1.36"
3、增加允许的主机
15 ALLOWED_HOSTS = [``'horizon.example.com'``, 'localhost'``,``'192.168.1.36'``]
4.10.4. 启动apache
1
2
[root@linux-node1 ~]``# /etc/init.d/httpd start
[root@linux-node1 ~]``# chkconfig httpd on
4.10.5. 访问dashboard
浏览器输入:http://192.168.1.36/dashboard/
用户名:admin,demo
密 码:admin,demo
4.10.6. 给租户ID创建网络
1) 创建网络
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
[root@linux-node1 ~]``# keystone tenant-list ç第一步获取demo租户ID
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------+---------+---------+
| 707f2d26cdd5477ea66ede0b5c216c23 | admin | True |
| c4015c47e46f4b30bf68a6f39061ace3 | demo | True |
| 628660545a044ac4ac5c1a16ca7f4a2c | service | True |
+----------------------------------+---------+---------+
[root@linux-node1 ~]``# neutron net-create --tenant-id c4015c47e46f4b30bf68a6f39061ace3 flat_net --shared --provider:network_type flat --provider:physical_network physnet1
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 361e6757-9d01-4daf-b098-fd50bdf2f550 |
| name | flat_net |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenant_id | c4015c47e46f4b30bf68a6f39061ace3 |
+---------------------------+--------------------------------------+
查看创建的网络
1
2
3
4
5
6
[root@linux-node1 ~]``# neutron net-list
+--------------------------------------+----------+---------+
| id | name | subnets |
+--------------------------------------+----------+---------+
| 361e6757-9d01-4daf-b098-fd50bdf2f550 | flat_net | |
+--------------------------------------+----------+---------+
2) 创建子网
这个环节需要在浏览器上面创建了
路径:管理员à系统面板à网络à创建网络
到此,子网创建完成,接下来用demo用户创建虚拟机
4.10.7. 创建虚拟机
1) 子网已连接
2) 创建虚拟机
路径:项目àComputeà实例à启动云主机
3) 创建好的虚拟机
4) 控制台
4.11. Cinder安装与配置
4.11.1. Install Cinder
1
yum install openstack-cinder python-cinderclient
4.11.2. Config Cinder
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[root@linux-node1 ~]``# egrep '^[a-z]' /etc/cinder/cinder.conf -n
79:rabbit_host=192.168.1.36
83:rabbit_port=5672
89:rabbit_use_ssl=``false
92:rabbit_userid=guest
95:rabbit_password=guest
181:rpc_backend=rabbit
456:my_ip=192.168.1.36
459:glance_host=$my_ip
573:auth_strategy=keystone
727:debug=``true
1908:connection=mysql:``//cinder``:cinder@192.168.1.36``/cinder
2013:auth_host=192.168.1.36
2017:auth_port=35357
2021:auth_protocol=http
2024:auth_uri=http:``//192``.168.1.36:5000
2029:identity_uri=http:``//192``.168.1.36:35357/
2033:auth_version=v2.0
2057:admin_user=cinder
2060:admin_password=cinder
2064:admin_tenant_name=service
4.11.3. 同步数据库
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[root@linux-node1 ~]``# cinder-manage db sync
/usr/lib64/python2``.6``/site-packages/Crypto/Util/number``.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn(``"Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability."``, PowmInsecureWarning)
/usr/lib64/python2``.6``/site-packages/Crypto/Util/randpool``.py:40: RandomPool_DeprecationWarning: This application uses RandomPool, which is BROKEN in older releases. See http:``//www``.pycrypto.org``/randpool-broken
RandomPool_DeprecationWarning)
[root@linux-node1 ~]``# mysql -h 192.168.1.36 -u cinder -pcinder -e 'use cinder;show tables;'
+--------------------------+
| Tables_in_cinder |
+--------------------------+
| backups |
| encryption |
| iscsi_targets |
| migrate_version |
| quality_of_service_specs |
| quota_classes |
| quota_usages |
| quotas |
| reservations |
| services |
| snapshot_metadata |
| snapshots |
| transfers |
| volume_admin_metadata |
| volume_glance_metadata |
| volume_metadata |
| volume_type_extra_specs |
| volume_types |
| volumes |
+--------------------------+
[root@linux-node1 ~]``#
4.11.4. Keystone注册
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
[root@linux-node1 ~]``# keystone user-create --name=cinder --pass=cinder
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 4720f1fbef9141ac937890c9bc155a18 |
| name | cinder |
| username | cinder |
+----------+----------------------------------+
[root@linux-node1 ~]``# keystone user-role-add --user=cinder --tenant=service --role=admin
[root@linux-node1 ~]``# keystone service-create --name=cinder --type=volume
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | e7e5fdadbe874485b3225c8a833f229e |
| name | cinder |
| type | volume |
+-------------+----------------------------------+
[root@linux-node1 ~]``# keystone endpoint-create --service-id=e7e5fdadbe874485b3225c8a833f229e --publicurl=http://192.168.1.36:8776/v1/%\(tenant_id\)s --internalurl=http://192.168.1.36:8776/v1/%\(tenant_id\)s --adminurl=http://192.168.1.36:8776/v1/%\(tenant_id\)s
+-------------+-------------------------------------------+
| Property | Value |
+-------------+-------------------------------------------+
| adminurl | http:``//192``.168.1.36:8776``/v1/``%(tenant_id)s |
| id | a37fcb4b15fb465c9c621dcc6300e50b |
| internalurl | http:``//192``.168.1.36:8776``/v1/``%(tenant_id)s |
| publicurl | http:``//192``.168.1.36:8776``/v1/``%(tenant_id)s |
| region | regionOne |
| service_id | e7e5fdadbe874485b3225c8a833f229e |
+-------------+-------------------------------------------+
[root@linux-node1 ~]``# keystone service-create --name=cinderv2 --type=volumev2
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | aee6b0eac6ed49f08fd2cebda1cb71d7 |
| name | cinderv2 |
| type | volume |
+-------------+----------------------------------+
[root@linux-node1 ~]``# keystone endpoint-create --service-id=aee6b0eac6ed49f08fd2cebda1cb71d7 --publicurl=http://192.168.1.36:8776/v2/%\(tenant_id\)s --internalurl=http://192.168.1.36:8776/v2/%\(tenant_id\)s --adminurl=http://192.168.1.36:8776/v2/%\(tenant_id\)s
+-------------+-------------------------------------------+
| Property | Value |
+-------------+-------------------------------------------+
| adminurl | http:``//192``.168.1.36:8776``/v2/``%(tenant_id)s |
| id | 631c2347bab94dc294302e665e3bf1b0 |
| internalurl | http:``//192``.168.1.36:8776``/v2/``%(tenant_id)s |
| publicurl | http:``//192``.168.1.36:8776``/v2/``%(tenant_id)s |
| region | regionOne |
| service_id | aee6b0eac6ed49f08fd2cebda1cb71d7 |
+-------------+-------------------------------------------+
[root@linux-node1 ~]``# keystone service-list
+----------------------------------+----------+----------+-------------+
| id | name | type | description |
+----------------------------------+----------+----------+-------------+
| e7e5fdadbe874485b3225c8a833f229e | cinder | volume | |
| aee6b0eac6ed49f08fd2cebda1cb71d7 | cinderv2 | volume | |
| 89da282fa357437da7a5332c48639250 | glance | image | |
| cd2980e8eda84663b582f09f84b10d6b | keystone | identity | |
| 23decaf91e5f4d50a476c0262e824412 | neutron | network | |
| 60f89869d00b4a9e83ca90b85652b794 | nova | compute | |
+----------------------------------+----------+----------+-------------+
[root@linux-node1 ~]``# cinder service-list
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | linux-node1.example.com | nova | enabled | up | 2015-05-26T11:39:47.000000 | None |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
[root@linux-node1 ~]``# keystone endpoint-list
+----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
| id | region | publicurl | internalurl | adminurl | service_id |
+----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
| 0019741e32994fd89da183fc949b02ee | regionOne | http:``//192``.168.1.36:9292 | http:``//192``.168.1.36:9292 | http:``//192``.168.1.36:9292 | 89da282fa357437da7a5332c48639250 |
| 11143240307447bf8512c54ce08b3490 | regionOne | http:``//192``.168.1.36:8774``/v2/``%(tenant_id)s | http:``//192``.168.1.36:8774``/v2/``%(tenant_id)s | http:``//192``.168.1.36:8774``/v2/``%(tenant_id)s | 60f89869d00b4a9e83ca90b85652b794 |
| 37fe671f915746c8a2d79451dc5769d1 | regionOne | http:``//192``.168.1.36:8776``/v1/``%(tenant_id)s | http:``//192``.168.1.36:8776``/v1/``%(tenant_id)s | http:``//192``.168.1.36:8776``/v1/``%(tenant_id)s | e7e5fdadbe874485b3225c8a833f229e |
| 6172a7484ade47aaa726ccbb39933f5a | regionOne | http:``//192``.168.1.36:9696 | http:``//192``.168.1.36:9696 | http:``//192``.168.1.36:9696 | 23decaf91e5f4d50a476c0262e824412 |
| 6385df8ead804fbe868bef8a4917e033 | regionOne | http:``//192``.168.1.36:5000``/v2``.0 | http:``//192``.168.1.36:5000``/v2``.0 | http:``//192``.168.1.36:35357``/v2``.0 | cd2980e8eda84663b582f09f84b10d6b |
| cf2dec5e815e40949a9586354026d85d | regionOne | http:``//192``.168.1.36:8776``/v2/``%(tenant_id)s | http:``//192``.168.1.36:8776``/v2/``%(tenant_id)s | http:``//192``.168.1.36:8776``/v2/``%(tenant_id)s | aee6b0eac6ed49f08fd2cebda1cb71d7 |
+----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
4.11.5. Start Cinder
1
2
3
4
[root@linux-node1 ~]``# /etc/init.d/openstack-cinder-api start
[root@linux-node1 ~]``# /etc/init.d/openstack-cinder-scheduler start
[root@linux-node1 ~]``# chkconfig openstack-cinder-api on
[root@linux-node1 ~]``# chkconfig openstack-cinder-scheduler on
到此,已经能在web界面看到有“云硬盘”选项:
接下来配置云硬盘。
4.12. Cinder安装与配置(计算节点操作)
4.12.1. Cinder-iSCSI云硬盘
在计算节点上添加一块硬盘,大小20G。添加好硬盘后,执行以下代码。
1) 部署ISCSI环境
1
2
3
4
5
6
7
8
9
10
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
vim /etc/lvm/lvm``.conf
在devices{}里面添加:
filter = [ "a/sda1/"``, "a/sdb/"``, "r/.*/" ]
yum install -y scsi-target-utils
vim /etc/tgt/targets``.conf
include /etc/cinder/volumes/``*
/etc/init``.d``/tgtd start
chkconfig tgtd on
2) 部署Cinder环境
1
2
3
4
5
6
7
8
9
10
[root@linux-node2 ~]``# yum install openstack-cinder
在控制节点上推送配置文件到计算节点
[root@linux-node1 ~]``# scp /etc/cinder/cinder.conf 192.168.1.37:/etc/cinder/
回计算节点操作
[root@linux-node2 ~]``# vim /etc/cinder/cinder.conf
#配置iSCSI
957 iscsi_ip_address=$my_ip
970 volume_backend_name=iSCSI-Storage
991 iscsi_helper=tgtadm
1836 volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
启动Cinder-volume
1
2
[root@linux-node2 ~]``# /etc/init.d/openstack-cinder-volume start
[root@linux-node2 ~]``# chkconfig openstack-cinder-volume on
控制节点查看
1
2
3
4
5
6
7
[root@linux-node1 ~]``# cinder service-list
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | linux-node1.example.com | nova | enabled | up | 2015-05-27T01:27:00.000000 | None |
| cinder-volume | linux-node2.example.com | nova | enabled | up | 2015-05-27T01:27:04.000000 | None |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
3) 创建iSCSI存储类型
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@linux-node1 ~]``# cinder type-create iSCSI
+--------------------------------------+-------+
| ID | Name |
+--------------------------------------+-------+
| 827a0535-cde1-4e91-99ff-7eb28e35d55c | iSCSI |
+--------------------------------------+-------+
[root@linux-node1 ~]``# cinder type-key iSCSI set volume_backend_name=iSCSI-Storage
[root@linux-node1 ~]``# cinder type-list
+--------------------------------------+-------+
| ID | Name |
+--------------------------------------+-------+
| 827a0535-cde1-4e91-99ff-7eb28e35d55c | iSCSI |
+--------------------------------------+-------+
4) 创建iSCSI类型云硬盘
路径:项目à Computeà云硬盘à创建云硬盘
计算节点查看创建好的云硬盘信息:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@linux-node2 ~]``# lvdisplay
--- Logical volume ---
LV Path /dev/cinder-volumes/volume-151d28ab-dc56-496c-bab5-584a427b2d43
LV Name volume-151d28ab-dc56-496c-bab5-584a427b2d43
VG Name cinder-volumes
LV UUID YLNTlK-X7x2-qe9C-n5gU-ZhXS-qJIP-T6Ud9r
LV Write Access read``/write
LV Creation host, time linux-node2.example.com, 2015-05-27 09:38:30 +0800
LV Status available
# open 0
LV Size 1.00 GiB
Current LE 256
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
4.12.2. Cinder-NFS云硬盘(部署在控制节点)
1) 部署NFS环境
1
2
3
4
5
6
7
8
yum install nfs-utils rpcbind
mkdir -p /data/nfs
vim /etc/exports
/data/nfs *(rw,no_root_squash)
/etc/init``.d``/rpcbind start
/etc/init``.d``/nfs start
chkconfig rpcbind on
chkconfig nfs on
2) 部署Cinder环境
1
2
3
4
5
6
7
[root@linux-node1 ~]``# vim /etc/cinder/cinder.conf
970 volume_backend_name=NFS-Storage
1492 nfs_shares_config=``/etc/cinder/nfs_shares
1511 nfs_mount_point_base=$state_path``/mnt
1837 volume_driver=cinder.volume.drivers.nfs.NfsDriver
[root@linux-node1 ~]``# vim /etc/cinder/nfs_shares
192.168.1.36:``/data/nfs
重启Cinder-volume
1
[root@linux-node1 ~]``# /etc/init.d/openstack-cinder-volume start
控制节点查看
1
2
3
4
5
6
7
8
[root@linux-node1 ~]``# cinder service-list
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | linux-node1.example.com | nova | enabled | up | 2015-05-27T01:56:11.000000 | None |
| cinder-volume | linux-node1.example.com | nova | enabled | up | 2015-05-27T01:56:15.000000 | None |
| cinder-volume | linux-node2.example.com | nova | enabled | up | 2015-05-27T01:56:16.000000 | None |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
3) 创建NFS存储类型
1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@linux-node1 ~]``# cinder type-create NFS
+--------------------------------------+------+
| ID | Name |
+--------------------------------------+------+
| 22805989-61a6-4df1-aab1-8400f9567192 | NFS |
+--------------------------------------+------+
[root@linux-node1 ~]``# cinder type-key NFS set volume_backend_name=NFS-Storage
[root@linux-node1 ~]``# cinder type-list
+--------------------------------------+-------+
| ID | Name |
+--------------------------------------+-------+
| 22805989-61a6-4df1-aab1-8400f9567192 | NFS |
| 827a0535-cde1-4e91-99ff-7eb28e35d55c | iSCSI |
+--------------------------------------+-------+
4) 创建NFS类型云硬盘
路径:项目à Computeà云硬盘à创建云硬盘
查看创建的卷
1
2
3
4
5
6
7
8
9
10
11
12
13
14
[root@linux-node1 ~]# mount
/dev/sda3 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
192.168.1.36:/data/nfs on /var/lib/cinder/mnt/8fb94a0748814faafd91bfc1a8f54747 type nfs (rw,vers=4,addr=192.168.1.36,clientaddr=192.168.1.36)
[root@linux-node1 ~]# cd /var/lib/cinder/mnt/8fb94a0748814faafd91bfc1a8f54747
[root@linux-node1 8fb94a0748814faafd91bfc1a8f54747]# ls
volume-aad7b59a-394e-4666-a024-36c9bd787614
4.12.3. Cinder-GlusterFS云硬盘
1) 部署GlusterFS环境
控制节点和计算节点都需要安装配置
1
2
3
4
5
6
cd /etc/yum``.repos.d/
wget http:``//download``.gluster.org``/pub/gluster/glusterfs/3``.6``/3``.6.3``/CentOS/glusterfs-epel``.repo
yum install glusterfs-server
/etc/init``.d``/glusterd start
chkconfig glusterd on
mkdir -p /data/glusterfs/exp1
创建信任存储池
1
2
3
4
5
6
#控制节点操作
[root@linux-node1 ~]``# gluster peer probe linux-node2.example.com
peer probe: success.
#计算节点操作
[root@linux-node2 ~]``# gluster peer probe linux-node1.example.com
peer probe: success.
创建卷(在控制节点上创建)
1
2
[root@linux-node1 ~]``# gluster volume create cinder-volome01 replica 2 linux-node1.example.com:/data/glusterfs/exp1/ linux-node2.example.com:/data/glusterfs/exp1 force
volume create: cinder-volome01: success: please start the volume to access data
启动卷
1
2
[root@linux-node1 ~]``# gluster vol start cinder-volome01
volume start: cinder-volome01: success
查看卷
1
2
3
4
5
6
7
8
9
10
11
12
13
[root@linux-node1 ~]``# gluster vol info
Volume Name: cinder-volome01
Type: Replicate
Volume ID: 91ea6fb0-1b1e-4299-ba8b-976a61cc03d8
Status: Started
Number of Bricks: 1 x 2 = 2
Transport-``type``: tcp
Bricks:
Brick1: linux-node1.example.com:``/data/glusterfs/exp1
Brick2: linux-node2.example.com:``/data/glusterfs/exp1
Options Reconfigured:
performance.readdir-ahead: on
2) 部署Cinder环境
1
2
3
4
[root@linux-node1 ~]``# vim /etc/cinder/cinder.conf
1104 glusterfs_shares_config=``/etc/cinder/glusterfs_shares
[root@linux-node1 ~]``# vim /etc/cinder/glusterfs_shares
192.168.1.36:``/cinder-volome01
3) 创建GlustaerFS和NFS并用的存储类型(同时支持多个存储的方法)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@linux-node1 ~]``# vim /etc/cinder/cinder.conf
#注释掉下面几行NFS的配置:
970 #volume_backend_name=NFS-Storage
1837 #volume_driver=cinder.volume.drivers.nfs.NfsDriver
#修改并添加如下几行的配置:
578 enabled_backends=NFS_Driver,GlusterFS_Driver
#放到文件最后
[NFS_Driver]
volume_group=NFS_Driver
volume_driver=cinder.volume.drivers.nfs.NfsDriver
volume_backend_name=NFS-Storage
[GlusterFS_Driver]
volume_group=GlusterFS_Driver
volume_driver=cinder.volume.drivers.glusterfs.GlusterfsDriver
volume_backend_name=GlusterFS-Storage
重启Cinder-volume
1
[root@linux-node1 ~]``# /etc/init.d/openstack-cinder-volume restart
4) 创建GlusterFS存储类型
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
[root@linux-node1 ~]``# cinder type-create GlusterFS
+--------------------------------------+-----------+
| ID | Name |
+--------------------------------------+-----------+
| 0672dc36-e993-4a82-861d-2e37bf4cbaa3 | GlusterFS |
+--------------------------------------+-----------+
[root@linux-node1 ~]``# cinder type-key GlusterFS set volume_backend_name=GlusterFS-Storage
[root@linux-node1 ~]``# cinder type-list
+--------------------------------------+-----------+
| ID | Name |
+--------------------------------------+-----------+
| 0672dc36-e993-4a82-861d-2e37bf4cbaa3 | GlusterFS |
| 22805989-61a6-4df1-aab1-8400f9567192 | NFS |
| 827a0535-cde1-4e91-99ff-7eb28e35d55c | iSCSI |
+--------------------------------------+-----------+
5) 创建GlusterFS类型云硬盘
手机扫一扫
移动阅读更方便
你可能感兴趣的文章