知识共享许可协议
本作品采用知识共享署名-非商业性使用-禁止演绎 3.0 未本地化版本许可协议进行许可。

OpenStack Icehouse Nova-Network on Centos 6.5安装记录

Author
nate.yu <nate.yhz at gmail.com>
Requirements
CentOS release 6.5 (Final)
说明
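安装流程参考了网上信息,仅为个人记录,请勿使用,发生一切事情,后果自负!!!另外,CentOS 6 与 OpenStack Icehouse 均已停止维护,不再获得安全更新;文中的示例口令(123123、nate123 等)、关闭 SELinux 以及对所有来源开放端口的做法只适合隔离的实验环境。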
安装内容
网络说明
eth0 接外部网络
eth1 接内部网络 禁用DHCP
安装基础软件
  • 修改源

    # These three release packages add third-party yum repositories (and the
    # GPG keys those repositories are later checked against) to the system.
    # NOTE(review): they are fetched over plain http://, and rpm only warns
    # (NOKEY) when the signing key has not been imported yet, so on a fresh
    # host nothing authenticates them. Fetch them over HTTPS where the mirror
    # offers it, or download first and compare against a checksum/signature
    # obtained from a trusted channel, before installing.
    rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    
    rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
    
    yum install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
    
    # Pull in all pending updates now that the extra repositories are enabled.
    yum update
    
  • 安装vim gcc gcc-c++ make cmake lsof

    yum install vim gcc gcc-c++ make cmake lsof
    
  • 修改主机名

    vim /etc/sysconfig/network
    HOSTNAME=openstack
    
  • 修改hosts

    vim /etc/hosts
    127.0.0.1 openstack
    
  • 关闭selinux

    vim /etc/selinux/config
    # NOTE(review): "disabled" turns SELinux off completely, so a compromised
    # service is no longer confined by policy. If the goal is only to get past
    # denials during setup, SELINUX=permissive logs them without enforcing;
    # RDO also ships an openstack-selinux policy package intended for running
    # these services with SELinux left on - confirm it covers this setup.
    SELINUX=disabled
    
  • 设置转发

    vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    
    sysctl -p 
    
  • 重启系统

    reboot
    
  • 安装NTP

    yum -y install ntp
    
    driftfile /var/lib/ntp/ntp.drift
    statistics loopstats peerstats clockstats
    filegen loopstats file loopstats type day enable
    filegen peerstats file peerstats type day enable
    filegen clockstats file clockstats type day enable
    server 202.120.2.101
    restrict -4 default kod notrap nomodify nopeer noquery
    restrict -6 default kod notrap nomodify nopeer noquery
    restrict 127.0.0.1
    restrict ::1
    server 127.127.1.0
    fudge 127.127.1.0 stratum 8 
    
    service ntpd start
    
    chkconfig ntpd on
    
安装MySQL
  • 安装

    yum -y install mysql mysql-server MySQL-python
    
  • 修改配置文件

    vim /etc/my.cnf
    [mysqld]
    # NOTE(review): 0.0.0.0 makes mysqld listen on every interface, including
    # the externally connected eth0. Bind to the address the compute nodes
    # actually use and limit who may reach 3306 by source address in iptables.
    bind-address = 0.0.0.0  
    
  • 启动

    service mysqld start
    
  • 设置开机启动

    chkconfig mysqld on
    
  • 修改密码

    # Sets the MySQL root password, then clears this shell's history list.
    # NOTE(review): the password is passed as a command-line argument, so it
    # can show up in the process list while mysqladmin runs, and '123123' is
    # trivially guessable - substitute a long random value.
    # mysql_secure_installation (shipped with mysql-server) sets the root
    # password interactively and also removes the anonymous accounts and the
    # test database.
    mysqladmin -uroot password '123123'; history -c
    
  • 重启

    service mysqld restart
    
安装RabbitMQ
  • 安装

    yum -y install rabbitmq-server
    
  • 启动

    service rabbitmq-server start
    
  • 修改密码

    # Replaces the default password of RabbitMQ's built-in "guest" account.
    # NOTE(review): the config files later on this page set only
    # rabbit_password, so the services presumably all connect as "guest".
    # The password is given on the command line and reused verbatim in those
    # files; use a long random value, and consider a dedicated account for
    # OpenStack instead of the well-known default one.
    rabbitmqctl change_password guest nate123
    
  • 设置开机启动

    chkconfig rabbitmq-server on
    
  • 重启

    service rabbitmq-server restart
    
安装OpenStack工具包
  • 安装

    yum -y install openstack-utils
    
安装Keystone
  • 安装

    yum -y install openstack-keystone
    
  • 创建keystone 数据库

    openstack-db --init --service keystone
    
  • 修改配置

    # Points Keystone at its MySQL database on this host.
    # NOTE(review): the database password here is the same as the user name
    # ("keystone"); the glance, cinder and nova connection strings on this page
    # follow the same pattern. With mysqld listening on 0.0.0.0 these are
    # guessable - set distinct random passwords and use them in the URLs.
    openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
    
  • 创建设置环境变量文件

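    # Generate a random value (10 bytes, printed as 20 hex characters) to use
    # as the Keystone service token below.
    openssl rand -hex 10
    
    # ~/creds holds the admin login and the bootstrap token as environment
    # variables; the export lines below are the file's content.
    vim ~/creds
    export OS_USERNAME=admin
    export OS_TENANT_NAME=admin
    export OS_PASSWORD=123123
    export OS_AUTH_URL=http://127.0.0.1:5000/v2.0
    export SERVICE_TOKEN=上面openssl得到的值
    export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
    
    # Restrict the file to its owner: it stores the admin password and the
    # service token in clear text, and vim creates it with the default umask.
    chmod 600 ~/creds
    
    # Load the variables into the current shell.
    source ~/creds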
    
  • 配置token

    # Stores the token exported from ~/creds as Keystone's admin_token.
    # NOTE(review): a request carrying this token is treated as a full
    # administrator without any user login. It is meant for bootstrapping
    # only; once the admin user and role created below exist, remove
    # admin_token_auth from the pipelines in Keystone's paste configuration
    # and unset SERVICE_TOKEN / SERVICE_ENDPOINT so that day-to-day commands
    # authenticate as a user.
    openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
    
  • 创建密钥

    keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    
  • 设置访问权限

    chown -R keystone:keystone /etc/keystone/* 
    chown keystone:keystone /var/log/keystone/keystone.log
    
  • 启动

    service openstack-keystone start
    
  • 设置开机启动

    chkconfig openstack-keystone on
    
  • 重启

    service openstack-keystone restart
    
  • 创建管理员

    keystone user-create --name=admin --pass=123123 --email=nate_yhz@outlook.com
    
  • 创建管理员角色

    keystone role-create --name=admin
    
  • 创建admin & service 的tenant

    keystone tenant-create --name=admin --description='Admin Tenant'
    keystone tenant-create --name=service --description='Service Tenant'
    
  • 绑定用户,角色和租户

    keystone user-role-add --user=admin --tenant=admin --role=admin
    
  • 创建服务

    keystone service-create --name=keystone --type=identity --description="KeystoneIdentity Service"
    
  • 创建endpoint

    外部IP
    export ip=192.168.0.100
    
    获取 service id 
    keystone service-list       
    keystone endpoint-create --service-id=上面命令获取的service_id --publicurl=http://$ip:5000/v2.0 --internalurl=http://$ip:5000/v2.0 --adminurl=http://$ip:35357/v2.0
    
安装Glance
  • 安装

    yum -y install openstack-glance
    
  • 创建数据库

    openstack-db --init --service glance
    
  • 修改配置

    openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance
    openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@localhost/glance
    
  • 创建glance用户

    keystone user-create --name=glance --pass=123123 --email=nate_yhz@outlook.com
    
  • 绑定用户

    keystone user-role-add --user=glance --tenant=service --role=admin
    
  • 创建服务

    keystone service-create --name=glance --type=image --description="Glance ImageService"
    
  • 创建endpoint

    外部IP
    export ip=192.168.0.100
    
    获取 service id 
    keystone service-list
    keystone endpoint-create --service-id=上面命令获取的service_id --publicurl=http://$ip:9292 --internalurl=http://$ip:9292 --adminurl=http://$ip:9292
    
  • 修改glance-api.conf

    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password 123123
    
    openstack-config --set /etc/glance/glance-api.conf DEFAULT notifier_strategy rabbit
    openstack-config --set /etc/glance/glance-api.conf DEFAULT rabbit_password nate123
    
  • 修改glance-registry.conf

    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password 123123
    
  • 修改ini文件

    cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
    cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
    chown -R root:glance /etc/glance/glance-api-paste.ini 
    chown -R root:glance /etc/glance/glance-registry-paste.ini
    
    openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini
    openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
    openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini
    openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
    
    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host 127.0.0.1
    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance
    openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password 123123
    
    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host 127.0.0.1
    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance
    openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password 123123
    
  • 启动

    service openstack-glance-api start
    service openstack-glance-registry start
    
  • 设置开机自启动

    chkconfig openstack-glance-api on
    chkconfig openstack-glance-registry on
    
  • 重启

    service openstack-glance-api restart
    service openstack-glance-registry restart
    
  • 测试

    glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
    
  • 列出所有映像

    glance image-list
    
安装Nova
  • 安装

    yum -y install openstack-nova
    
  • 创建数据库

    openstack-db --init --service nova
    
  • 创建nova用户

    keystone user-create --name=nova --pass=123123 --email=nate_yhz@outlook.com
    
  • 绑定用户

    keystone user-role-add --user=nova --tenant=service --role=admin
    
  • 创建服务

    keystone service-create --name=nova --type=compute --description="Nova Compute Service"
    
  • 创建endpoint

    外部IP
    export ip=192.168.0.100
    
    获取 service id 
    keystone service-list
    keystone endpoint-create --service-id=上面命令获取的service_id --publicurl=http://$ip:8774/v2/%\(tenant_id\)s --internalurl=http://$ip:8774/v2/%\(tenant_id\)s --adminurl=http://$ip:8774/v2/%\(tenant_id\)s
    
  • 修改nova.conf

    vim /etc/nova/nova.conf
    [DEFAULT]
    my_ip = 192.168.0.100
    auth_strategy = keystone
    state_path = /var/lib/nova
    verbose=True
    
    allow_resize_to_same_host = true
    rpc_backend=nova.openstack.common.rpc.impl_kombu
    rabbit_host = localhost
    rabbit_port = 5672
    rabbit_password = nate123
    libvirt_type = kvm
    libvirt_inject_password = true
    glance_api_servers = 192.168.0.100:9292
    
    novncproxy_base_url = http://192.168.0.100:6080/vnc_auto.html
    vncserver_listen = 192.168.0.100
    vncserver_proxyclient_address = 192.168.0.100
    vnc_enabled = true
    vnc_keymap = en-us
    
    # nova-network in flat DHCP mode: instances attach to bridge br1 on eth1,
    # public traffic uses eth0.
    network_manager = nova.network.manager.FlatDHCPManager
    # NOTE(review): NoopFirewallDriver applies no packet filtering for
    # instances, so the security-group rules added later with
    # "nova secgroup-add-rule" would be recorded but presumably not enforced.
    # The Icehouse nova-network guides use
    # nova.virt.libvirt.firewall.IptablesFirewallDriver here - confirm which
    # behaviour is intended.
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    multi_host = True
    flat_interface = eth1
    flat_network_bridge = br1
    public_interface = eth0
    
    instance_usage_audit = True
    instance_usage_audit_period = hour
    notify_on_state_change = vm_and_task_state
    notification_driver = nova.openstack.common.notifier.rpc_notifier
    
    compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
    [hyperv]
    [zookeeper]
    [osapi_v3]
    [conductor]
    [keymgr]
    [cells]
    [database]
    [image_file_url]
    [baremetal]
    [rpc_notifier2]
    [matchmaker_redis]
    [ssl]
    [trusted_computing]
    [upgrade_levels]
    [matchmaker_ring]
    [vmware]
    [spice]
    [keystone_authtoken]
    auth_host = 127.0.0.1
    auth_port = 35357
    auth_protocol = http
    admin_user = nova
    admin_tenant_name = service
    admin_password = 123123
    
  • 启动libvirtd

    service libvirtd start
    
  • 删除default

    virsh net-destroy default
    virsh net-undefine default
    
  • 设置开机启动

    chkconfig libvirtd on
    
  • 重启

    service libvirtd restart
    
  • 启动 messagebus

    service messagebus start
    
  • 设置开机启动

    chkconfig messagebus on
    
  • 启动nova

    service openstack-nova-api start
    service openstack-nova-cert start
    service openstack-nova-consoleauth start
    service openstack-nova-scheduler start
    service openstack-nova-conductor start
    service openstack-nova-novncproxy start
    service openstack-nova-compute start
    service openstack-nova-network start
    
  • 配置nova

    chkconfig openstack-nova-api on
    chkconfig openstack-nova-cert on
    chkconfig openstack-nova-consoleauth on
    chkconfig openstack-nova-scheduler on
    chkconfig openstack-nova-conductor on
    chkconfig openstack-nova-novncproxy on
    chkconfig openstack-nova-compute on
    chkconfig openstack-nova-network on
    
  • 重启nova

    service openstack-nova-api restart
    service openstack-nova-cert restart
    service openstack-nova-consoleauth restart
    service openstack-nova-scheduler restart
    service openstack-nova-conductor restart
    service openstack-nova-novncproxy restart
    service openstack-nova-compute restart
    service openstack-nova-network restart
    
  • 创建内部网络

    nova network-create vmnet --fixed-range-v4=10.0.0.0/24 --bridge-interface=br1 --multi-host=T
    
  • 创建外部网络

    nova-manage floating create --ip_range=10.211.55.0/24  --pool public_ip
    
  • 查看网络

    nova network-list
    nova-manage network list
    
  • 设置防火墙开放22端口和icmp协议

    # Allow SSH (tcp/22) and all ICMP types into instances of the "default"
    # security group.
    # NOTE(review): 0.0.0.0/0 admits any source address; narrow the CIDR to
    # the networks that administer the instances where possible. Whether the
    # rules take effect at all depends on the firewall_driver set in nova.conf.
    nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
    nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
    
  • 查看可用镜像

    nova image-list
    
  • 创建实例

    nova boot --flavor 1 --image myFirstImage test_vm
    
  • 查看运行

    nova list
    
安装Cinder
  • 安装

    yum -y install openstack-cinder scsi-target-utils
    
  • 创建数据库

    openstack-db --init --service cinder
    
  • 修改数据库连接

    openstack-config --set /etc/cinder/cinder.conf database connection mysql://cinder:cinder@localhost/cinder
    
  • 创建cinder用户

    keystone user-create --name=cinder --pass=123123 --email=nate_yhz@outlook.com
    
  • 绑定用户

    keystone user-role-add --user=cinder --tenant=service --role=admin
    
  • 创建服务

    keystone service-create --name=cinder --type=volume --description="OpenStack Block Storage"
    
    keystone service-create --name=cinderv2 --type=volumev2 --description="OpenStack Block Storage v2"
    
  • 创建endpoint

    外部IP
    export ip=192.168.0.100
    
    keystone endpoint-create --service-id=$(keystone service-list | awk '/ volume / {print $2}') --publicurl=http://$ip:8776/v1/%\(tenant_id\)s --internalurl=http://$ip:8776/v1/%\(tenant_id\)s --adminurl=http://$ip:8776/v1/%\(tenant_id\)s
    
    keystone endpoint-create --service-id=$(keystone service-list | awk '/ volumev2 / {print $2}') --publicurl=http://$ip:8776/v2/%\(tenant_id\)s --internalurl=http://$ip:8776/v2/%\(tenant_id\)s --adminurl=http://$ip:8776/v2/%\(tenant_id\)s
    
  • 更新 /etc/cinder/cinder.conf

    openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://127.0.0.1:5000
    openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_host 127.0.0.1
    openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/cinder/cinder.conf keystone_authtoken admin_user cinder
    openstack-config --set /etc/cinder/cinder.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/cinder/cinder.conf keystone_authtoken admin_password 123123
    
    openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
    openstack-config --set /etc/cinder/cinder.conf DEFAULT rabbit_password nate123
    
    openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_host 127.0.0.1
    
  • 更新 /etc/tgt/targets.conf

    include /etc/cinder/volumes/*
    
  • 启动

    service openstack-cinder-api start
    service openstack-cinder-scheduler start
    service openstack-cinder-volume start
    service tgtd start
    
  • 设置开机启动

    chkconfig openstack-cinder-api on
    chkconfig openstack-cinder-scheduler on
    chkconfig openstack-cinder-volume on
    chkconfig tgtd on
    
  • 创建硬盘

    dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=2G
    losetup /dev/loop2 cinder-volumes
    fdisk /dev/loop2
    #Type in the followings:
    n
    p
    1
    ENTER
    ENTER
    t
    8e
    w
    
    pvcreate /dev/loop2
    vgcreate cinder-volumes /dev/loop2
    
  • 重启

    service openstack-cinder-api restart
    service openstack-cinder-scheduler restart
    service openstack-cinder-volume restart
    service tgtd restart
    
安装Horizon
  • 安装

    yum -y install openstack-dashboard
    
  • 启动apache服务

    service httpd start
    
  • 设置开机启动

    chkconfig httpd on
    
  • 重启nova-api

    service openstack-nova-api restart
    
  • 系统防火墙设置

    # Open the controller's service ports. Each rule is inserted at the top of
    # INPUT and, having no -s match, accepts traffic from any source address.
    # NOTE(review): only 80 (Horizon) and 6080 (noVNC proxy) are end-user
    # facing. 3306 (MySQL), 5672 (RabbitMQ), 35357 (Keystone admin API) and
    # 5900:6000 (instance VNC consoles) should be limited to the compute
    # nodes / management network, e.g. by adding "-s <MGMT_CIDR>" (placeholder)
    # to those rules. Horizon and the APIs are served over plain HTTP here, so
    # passwords and tokens cross the network unencrypted.
    iptables -I INPUT -p tcp --dport 80 -j ACCEPT
    iptables -I INPUT -p tcp -m multiport --dports 5900:6000 -j ACCEPT
    iptables -I INPUT -p tcp --dport 6080 -j ACCEPT
    iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
    iptables -I INPUT -p tcp --dport 5000 -j ACCEPT
    iptables -I INPUT -p tcp --dport 35357 -j ACCEPT
    iptables -I INPUT -p tcp --dport 5672 -j ACCEPT
    iptables -I INPUT -p tcp --dport 9292 -j ACCEPT
    iptables -I INPUT -p udp -m udp --dport 123 -j ACCEPT 
    # Persist the running rule set so it survives a reboot.
    service iptables save
    
相关错误及解决方法
  • 错误#1

    修改 notifier_strategy = rabbit
    'glance.notifier.notify_kombu.RabbitStrategy' is not an available notifier strategy.
    
    解决办法:
    yum install python-kombu
    
  • 错误#2

    Invalid HTTP_HOST header (you may need to set ALLOWED_HOSTS): 
    解决方法:
    # NOTE(review): the '*' entry matches every Host header, which switches
    # Django's Host header validation off altogether. List the names and
    # addresses Horizon is actually reached by instead (for this setup
    # presumably the controller address 192.168.0.100).
    ALLOWED_HOSTS = ['horizon.example.com', 'localhost', '*']
    service httpd restart
    

增加计算节点

安装基础软件
  • 修改源

    sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-Base.repo
    
    sed -i 's/#baseurl=http:\/\/mirror.centos.org/baseurl=http:\/\/mirrors.yun-idc.com/g' /etc/yum.repos.d/CentOS-Base.repo
    
    rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    
    rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
    
    yum install http://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
    
    yum update
    
  • 安装vim gcc gcc-c++ make cmake lsof

    yum install vim gcc gcc-c++ make cmake lsof
    
  • 修改主机名

    vim /etc/sysconfig/network
    HOSTNAME=compute-node-1
    
  • 修改hosts

    vim /etc/hosts
    127.0.0.1 compute-node-1
    
  • 关闭selinux

    vim /etc/selinux/config
    SELINUX=disabled
    
  • 设置转发

    vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    
    sysctl -p 
    
  • 重启系统

    reboot
    
  • 安装ntpdate

    yum -y install ntpdate
    
    ntpdate 192.168.0.100
    
  • 设置cron

    crontab -e      
    */5 * * * * ntpdate 192.168.0.100 >> /var/log/ntpdate.log
    service crond restart
    
  • 创建环境变量文件

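    # ~/creds holds the admin login and the bootstrap token as environment
    # variables; the export lines below are the file's content. The URLs point
    # at Keystone on the controller node.
    vim ~/creds
    export OS_USERNAME=admin
    export OS_TENANT_NAME=admin
    export OS_PASSWORD=123123
    export OS_AUTH_URL=http://192.168.0.100:5000/v2.0
    export SERVICE_TOKEN=控制节点上的值
    export SERVICE_ENDPOINT=http://192.168.0.100:35357/v2.0
    
    # Restrict the file to its owner: it stores the admin password and the
    # service token in clear text, and vim creates it with the default umask.
    chmod 600 ~/creds
    
    # Load the variables into the current shell.
    source ~/creds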
    
安装libvirt
  • 安装

    yum -y install qemu-kvm libvirt
    
  • 启动

    service libvirtd start
    
  • 设置开机启动

    chkconfig libvirtd on
    
  • 删除default

    virsh net-destroy default
    virsh net-undefine default
    
  • 重启

    service libvirtd restart
    
安装MySQL客户端
  • 安装

    yum -y install mysql
    
安装Nova
  • 安装

    yum -y install openstack-nova-compute openstack-nova-network openstack-nova-scheduler
    
  • 修改nova.conf

    vim /etc/nova/nova.conf
    [DEFAULT]
    my_ip = 192.168.0.101
    auth_strategy = keystone
    state_path = /var/lib/nova
    verbose=True
    
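    allow_resize_to_same_host = true
    rpc_backend=nova.openstack.common.rpc.impl_kombu
    # The message broker is the RabbitMQ instance on the controller node.
    rabbit_host = 192.168.0.100
    rabbit_port = 5672
    rabbit_password = nate123
    libvirt_type = kvm
    # Option name corrected from "lbivrit_inject_password" so that it matches
    # the controller's nova.conf; the misspelled key is presumably ignored.
    libvirt_inject_password = true
    glance_api_servers = 192.168.0.100:9292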
    
    novncproxy_base_url = http://192.168.0.100:6080/vnc_auto.html
    vncserver_listen = 192.168.0.101
    vncserver_proxyclient_address = 192.168.0.101
    vnc_enabled = true
    vnc_keymap = en-us
    
    # Same flat DHCP layout as on the controller: bridge br1 on eth1 for
    # instances, eth0 for public traffic.
    network_manager = nova.network.manager.FlatDHCPManager
    # NOTE(review): NoopFirewallDriver applies no packet filtering for the
    # instances on this node, so security-group rules would presumably not be
    # enforced here. The Icehouse nova-network guides use
    # nova.virt.libvirt.firewall.IptablesFirewallDriver - confirm which
    # behaviour is intended.
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    multi_host = True
    flat_interface = eth1
    flat_network_bridge = br1
    public_interface = eth0
    
    instance_usage_audit = True
    instance_usage_audit_period = hour
    notify_on_state_change = vm_and_task_state
    notification_driver = nova.openstack.common.notifier.rpc_notifier
    
    compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
    [hyperv]
    [zookeeper]
    [osapi_v3]
    [conductor]
    [keymgr]
    [cells]
    [database]
    sql_connection=mysql://nova:nova@192.168.0.100/nova
    [image_file_url]
    [baremetal]
    [rpc_notifier2]
    [matchmaker_redis]
    [ssl]
    [trusted_computing]
    [upgrade_levels]
    [matchmaker_ring]
    [vmware]
    [spice]
    [keystone_authtoken]
    auth_host = 192.168.0.100
    auth_port = 35357
    auth_protocol = http
    admin_user = nova
    admin_tenant_name = service
    admin_password = 123123
    
  • 启动服务

    service messagebus start
    service openstack-nova-compute start
    service openstack-nova-network start
    
  • 设置开机启动

    chkconfig messagebus on
    chkconfig openstack-nova-compute on
    chkconfig openstack-nova-network on
    
  • 重启服务

    service messagebus restart
    service openstack-nova-compute restart
    service openstack-nova-network restart
    
  • 查看服务

    nova-manage service list
    
  • 设置防火墙

    # Open the VNC console port range used by the instances on this node.
    # NOTE(review): without a source match this accepts connections from any
    # host. In this setup the noVNC proxy runs on the controller, so limiting
    # the rule with "-s 192.168.0.100" should be enough - confirm nothing else
    # needs direct VNC access.
    iptables -I INPUT -p tcp -m multiport --dports 5900:6000 -j ACCEPT
    # Persist the running rule set so it survives a reboot.
    service iptables save