
OpenStack Controller HA (2)

2014-06-02 18:10  陈尚华

3.安装openstack服务

3.1.安装配置qpid

(1).更新第三方yum源

注：以下三个 release 包均通过明文 HTTP 获取，且包内带有仓库配置和 GPG 公钥；安装前应核对包的校验和或签名，或改用 HTTPS 源。

[root@controller01 ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

[root@controller01 ~]# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

[root@controller01 ~]# yum -y install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-8.noarch.rpm

(2).安装配置qpid

[root@controller01 ~]# yum -y install mysql qpid-cpp-server memcached

[root@controller01 ~]# vi /etc/qpidd.conf

………………

# auth=no disables authentication on the qpid broker, so any host that can
# reach the broker port (5672 in the qpid_hosts lists on this page) may connect.
# Restrict that port at the network layer, or enable auth and set
# qpid_username/qpid_password in the OpenStack services.
auth=no

(3).启动qpid服务

[root@controller01 ~]# service qpidd start

[root@controller01 ~]# chkconfig qpidd on

3.2.安装配置keystone

(1).yum安装keystone

[root@controller01 ~]# yum -y install openstack-keystone

(2).配置keystone服务

[root@controller01 ~]# cp -av /etc/keystone/keystone.conf  /etc/keystone/keystone.conf_bak

[root@controller01 ~]# sed -i '/^#/d' /etc/keystone/keystone.conf

[root@controller01 ~]# sed -i '/^$/d' /etc/keystone/keystone.conf

[root@controller01 ~]# openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@mysqlserver/keystone

[root@controller01 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token c9d9d3ed3c12dd70ede7

[root@controller01 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT bind_host controller01

[root@controller02 ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT bind_host controller02

[root@controller01 ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

[root@controller01 ~]# scp -r /etc/keystone/ssl root@controller02:/etc/keystone/

[root@controller02 ~]# touch /var/log/keystone/keystone.log

[root@controller01 ~]# chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log

(3).同步keystone数据库

[root@controller01 ~]# keystone-manage db_sync

(4).启动keystone服务

[root@controller01 ~]# service openstack-keystone start

[root@controller01 ~]# chkconfig openstack-keystone on

(5).配置环境变量

[root@controller01 ~]# vi ~/.bash_profile

# OpenStack CLI credentials, loaded into every root login shell on this node.
# OS_PASSWORD and SERVICE_TOKEN are this walkthrough's sample values, stored
# in clear text in root's profile.
export OS_USERNAME=admin

export OS_TENANT_NAME=admin

export OS_PASSWORD=password

export OS_AUTH_URL=http://controller:5000/v2.0

# SERVICE_ENDPOINT/SERVICE_TOKEN make the keystone CLI authenticate with the
# admin_token written to keystone.conf above (same value) instead of a user
# login. NOTE(review): presumably only needed to bootstrap the first
# tenant/user/role and removable afterwards — confirm.
export SERVICE_ENDPOINT=http://controller:35357/v2.0

export SERVICE_TOKEN=c9d9d3ed3c12dd70ede7

[root@controller01 ~]# source ~/.bash_profile

(6).创建user、定义services和endpoint

[root@controller01 ~]# keystone tenant-create --name=admin --description='Admin Tenant'

[root@controller01 ~]# keystone tenant-create --name=service --description='Service Tenant'

[root@controller01 ~]# keystone user-create --name=admin --pass=password --email=keystone@chensh.net

[root@controller01 ~]# keystone role-create --name=admin

[root@controller01 ~]# keystone user-role-add --user=admin --tenant=admin --role=admin

[root@controller01 ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"

[root@controller01 ~]# mkdir /root/config

[root@controller01 ~]# vi /root/config/keystone-endpoint.sh

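#!/bin/bash
#
# Registers the identity (keystone) endpoint in the keystone service catalog.
# Needs the keystone CLI plus admin credentials in the environment (the page
# exports them from ~/.bash_profile).
#
# The page runs this file with `sh`, so only POSIX sh constructs are used:
# -e stops on a failed command, -u rejects unset variables.
set -eu

my_ip=controller

# Field 2 of each service-list table row is the service id. The pattern matches
# any row containing "keystone", so the result is validated before use.
service=$(keystone service-list | awk '/keystone/ {print $2}')

if [ -z "$service" ]; then
  echo "keystone-endpoint.sh: no 'keystone' row in keystone service-list" >&2
  exit 1
fi

# Several matching rows would yield several ids separated by newlines.
case $service in
  *'
'*)
    echo "keystone-endpoint.sh: more than one service matches 'keystone'" >&2
    exit 1
    ;;
esac

# NOTE(review): all three URLs are plain http, as in the original walkthrough;
# tokens and passwords cross the network unencrypted on these ports.
keystone endpoint-create \
  --service-id="$service" \
  --publicurl="http://$my_ip:5000/v2.0" \
  --internalurl="http://$my_ip:5000/v2.0" \
  --adminurl="http://$my_ip:35357/v2.0"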

[root@controller01 ~]# sh /root/config/keystone-endpoint.sh 

(7).验证keystone

[root@controller01 ~]# keystone user-list

[root@controller01 ~]# keystone role-list

[root@controller01 ~]# keystone endpoint-list

3.3.安装配置glance

(1).yum安装glance

[root@controller01 ~]# yum -y install openstack-glance

(2).创建user、定义services和endpoint

[root@controller01 ~]# keystone user-create --name=glance --pass=service --email=glance@chensh.net

[root@controller01 ~]# keystone user-role-add --user=glance --tenant=service --role=admin

[root@controller01 ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"

[root@controller01 ~]# vi /root/config/glance-endpoint.sh 

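#!/bin/bash
#
# Registers the image (glance) endpoint in the keystone service catalog.
# Needs the keystone CLI plus admin credentials in the environment (the page
# exports them from ~/.bash_profile).
#
# The page runs this file with `sh`, so only POSIX sh constructs are used:
# -e stops on a failed command, -u rejects unset variables.
set -eu

my_ip=controller

# Field 2 of each service-list table row is the service id. The pattern matches
# any row containing "glance", so the result is validated before use.
service=$(keystone service-list | awk '/glance/ {print $2}')

if [ -z "$service" ]; then
  echo "glance-endpoint.sh: no 'glance' row in keystone service-list" >&2
  exit 1
fi

# Several matching rows would yield several ids separated by newlines.
case $service in
  *'
'*)
    echo "glance-endpoint.sh: more than one service matches 'glance'" >&2
    exit 1
    ;;
esac

# NOTE(review): all three URLs are plain http, as in the original walkthrough;
# tokens and image data cross the network unencrypted on this port.
keystone endpoint-create \
  --service-id="$service" \
  --publicurl="http://$my_ip:9292" \
  --internalurl="http://$my_ip:9292" \
  --adminurl="http://$my_ip:9292"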

[root@controller01 ~]# sh /root/config/glance-endpoint.sh 

(3).定义glance配置文件

[root@controller01 ~]# cp -av /etc/glance/glance-api.conf /etc/glance/glance-api.conf_bak

[root@controller01 ~]# cp -av /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf_bak

[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-api.conf

[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-api.conf

[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-registry.conf

[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-registry.conf

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT bind_host controller01

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT registry_host controller01

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT rabbit_host controller01

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller01

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT bind_host controller01

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance

[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT bind_host controller02

[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT registry_host controller02

[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT rabbit_host controller02

[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller02

[root@controller02 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance

[root@controller02 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT bind_host controller02

[root@controller02 ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:glance@mysqlserver/glance


[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password service

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /etc/glance/glance-api-paste.ini

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone


[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password service

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /etc/glance/glance-registry-paste.ini

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

[root@controller01 ~]# cp -av /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini

[root@controller01 ~]# cp -av /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini

[root@controller01 ~]# chown -R root:glance /etc/glance/glance-api-paste.ini 

[root@controller01 ~]# chown -R root:glance /etc/glance/glance-registry-paste.ini

[root@controller01 ~]# cp -av /etc/glance/glance-api-paste.ini /etc/glance/glance-api-paste.ini_bak

[root@controller01 ~]# cp -av /etc/glance/glance-registry-paste.ini /etc/glance/glance-registry-paste.ini_bak

[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-api-paste.ini

[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-api-paste.ini

[root@controller01 ~]# sed -i '/^#/d' /etc/glance/glance-registry-paste.ini

[root@controller01 ~]# sed -i '/^$/d' /etc/glance/glance-registry-paste.ini


[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken auth_host controller

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name service

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_user glance

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_password service

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken auth_host controller

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name service

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_user glance

[root@controller01 ~]# openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_password service


[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT filesystem_store_datadir /openstack/glance/images

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT scrubber_datadir /openstack/glance/scrubber

[root@controller01 ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT image_cache_dir /openstack/glance/image-cache

(4).修改glance数据文件

[root@controller01 ~]# cp -av /var/lib/glance /openstack/

[root@controller01 ~]# chown -R glance:glance /openstack/glance

(5).设置日志权限

[root@controller01 ~]# touch /var/log/glance/registry.log

[root@controller01 ~]# chown -R glance:glance /var/log/glance

(6).同步glance数据库

[root@controller01 ~]# glance-manage db_sync

(7).启动glance服务

[root@controller01 ~]# service openstack-glance-api start

[root@controller01 ~]# service openstack-glance-registry start

[root@controller01 ~]# chkconfig openstack-glance-api on

[root@controller01 ~]# chkconfig openstack-glance-registry on

(8).功能测试

[root@controller01 ~]# glance image-create --name=centos6.4_20G --disk-format=qcow2 --container-format=ovf --is-public=true < centos6.4_20G.qcow2

[root@controller01 ~]# glance image-list

3.4.安装配置nova

(1).yum安装nova

[root@controller01 ~]# yum -y install openstack-nova

(2).创建user、定义services和endpoint

[root@controller01 ~]# keystone user-create --name=nova --pass=service --email=nova@chensh.net

[root@controller01 ~]# keystone user-role-add --user=nova --tenant=service --role=admin

[root@controller01 ~]# keystone service-create --name=nova --type=compute --description="Nova Compute Service"

[root@controller01 ~]# vi /root/config/nova-user.sh

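#!/bin/sh
#
# Registers the compute (nova) endpoint in the keystone service catalog.
# Needs the keystone CLI plus admin credentials in the environment (the page
# exports them from ~/.bash_profile).
#
# -e stops on a failed command, -u rejects unset variables.
set -eu

my_ip=controller

# Field 2 of each service-list table row is the service id. The pattern matches
# any row containing "nova", so the result is validated before use.
service=$(keystone service-list | awk '/nova/ {print $2}')

if [ -z "$service" ]; then
  echo "nova-user.sh: no 'nova' row in keystone service-list" >&2
  exit 1
fi

# Several matching rows would yield several ids separated by newlines.
case $service in
  *'
'*)
    echo "nova-user.sh: more than one service matches 'nova'" >&2
    exit 1
    ;;
esac

# %(tenant_id)s is passed through literally; the double quotes replace the
# backslash-escaped parentheses of the unquoted form.
# NOTE(review): all three URLs are plain http, as in the original walkthrough.
keystone endpoint-create \
  --service-id="$service" \
  --publicurl="http://$my_ip:8774/v2/%(tenant_id)s" \
  --internalurl="http://$my_ip:8774/v2/%(tenant_id)s" \
  --adminurl="http://$my_ip:8774/v2/%(tenant_id)s"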

[root@controller01 ~]# sh /root/config/nova-user.sh

(3).定义nova配置文件

[root@controller01 ~]# cp -av /etc/nova/nova.conf /etc/nova/nova.conf_bak

[root@controller01 ~]# sed -i '/^#/d' /etc/nova/nova.conf

[root@controller01 ~]# sed -i '/^$/d' /etc/nova/nova.conf

[root@controller01 ~]# vi /etc/nova/nova.conf

# Global nova settings for controller01. The *_listen / *_host options bind to
# this node's own hostname; glance and qpid are reached through the shared
# name `controller`.
[DEFAULT]

my_ip = 192.168.20.21

auth_strategy = keystone

state_path = /openstack/nova

verbose = True

allow_resize_to_same_host = true

# RPC goes through qpid. The qpidd.conf shown earlier on this page sets
# auth=no, so nothing authenticates this connection to the broker.
rpc_backend = nova.openstack.common.rpc.impl_qpid

qpid_hostname = controller

libvirt_type = kvm

glance_api_servers = controller:9292

#novncproxy_base_url = http://controller01:6080/vnc_auto.html

#vncserver_proxyclient_address = controller01

vnc_enabled = true

vnc_keymap = en-us

network_manager = nova.network.manager.FlatDHCPManager

# NOTE(review): NoopFirewallDriver installs no packet-filter rules, so the
# security-group rules added in step (9) are presumably not enforced on hosts
# using this setting — confirm before relying on them.
firewall_driver = nova.virt.firewall.NoopFirewallDriver

multi_host = True

flat_interface = eth1

flat_network_bridge = br1

public_interface = eth0

instance_usage_audit = True

instance_usage_audit_period = hour

notify_on_state_change = vm_and_task_state

notification_driver = nova.openstack.common.notifier.rpc_notifier

compute_scheduler_driver = nova.scheduler.simple.SimpleScheduler

ec2_listen = controller01

ec2_listen_port = 8773

osapi_compute_listen = controller01

osapi_compute_listen_port = 8774

metadata_listen = controller01

metadata_listen_port = 8775

novncproxy_host = controller01

vncserver_listen = controller01

novncproxy_port = 6080

# NOTE(review): both qpid_hostname (above) and qpid_hosts are set; presumably
# the host list is the one used for failover — confirm.
qpid_hosts = controller01:5672,controller02:5672

# NOTE(review): memcached is installed on this page with no access-control
# configuration shown; port 11211 should be reachable only from the controllers.
memcached_servers = controller01:11211, controller02:11211

[hyperv]

[zookeeper]

[osapi_v3]

[conductor]

[keymgr]

[cells]

# NOTE(review): the database password equals the account name (nova/nova) and
# is stored in clear text here; treat it as a sample value and keep this file
# unreadable to other local users.
[database]

sql_connection = mysql://nova:nova@mysqlserver/nova

[image_file_url]

[baremetal]

[rpc_notifier2]

[matchmaker_redis]

[ssl]

[trusted_computing]

[upgrade_levels]

[matchmaker_ring]

[vmware]

[spice]

# Account nova uses when talking to keystone's admin port to validate tokens.
[keystone_authtoken]

auth_host = controller

auth_port = 35357

# NOTE(review): plain http — the service password and tokens cross the network
# unencrypted unless this traffic stays on an isolated management network.
auth_protocol = http

admin_user = nova

admin_tenant_name = service

# NOTE(review): the glance account on this page uses the same password
# ("service"), and both accounts are given the admin role; a distinct password
# per service limits what one leaked config file exposes.
admin_password = service

[root@controller02 ~]# vi /etc/nova/nova.conf

# Global nova settings for controller02. The *_listen / *_host options bind to
# this node's own hostname; glance and qpid are reached through the shared
# name `controller`.
[DEFAULT]

my_ip = 192.168.20.22

auth_strategy = keystone

state_path = /openstack/nova

verbose = True

allow_resize_to_same_host = true

# RPC goes through qpid. The qpidd.conf shown earlier on this page sets
# auth=no, so nothing authenticates this connection to the broker.
rpc_backend = nova.openstack.common.rpc.impl_qpid

qpid_hostname = controller

libvirt_type = kvm

glance_api_servers = controller:9292

#novncproxy_base_url = http://controller02:6080/vnc_auto.html

#vncserver_proxyclient_address = controller02

vnc_enabled = true

vnc_keymap = en-us

network_manager = nova.network.manager.FlatDHCPManager

# NOTE(review): NoopFirewallDriver installs no packet-filter rules, so the
# security-group rules added in step (9) are presumably not enforced on hosts
# using this setting — confirm before relying on them.
firewall_driver = nova.virt.firewall.NoopFirewallDriver

multi_host = True

flat_interface = eth1

flat_network_bridge = br1

public_interface = eth0

instance_usage_audit = True

instance_usage_audit_period = hour

notify_on_state_change = vm_and_task_state

notification_driver = nova.openstack.common.notifier.rpc_notifier

compute_scheduler_driver = nova.scheduler.simple.SimpleScheduler

ec2_listen = controller02

ec2_listen_port = 8773

osapi_compute_listen = controller02

osapi_compute_listen_port = 8774

metadata_listen = controller02

metadata_listen_port = 8775

novncproxy_host = controller02

vncserver_listen = controller02

novncproxy_port = 6080

# NOTE(review): both qpid_hostname (above) and qpid_hosts are set; presumably
# the host list is the one used for failover — confirm.
qpid_hosts = controller01:5672,controller02:5672

# NOTE(review): memcached is installed on this page with no access-control
# configuration shown; port 11211 should be reachable only from the controllers.
memcached_servers = controller01:11211, controller02:11211

[hyperv]

[zookeeper]

[osapi_v3]

[conductor]

[keymgr]

[cells]

# NOTE(review): the database password equals the account name (nova/nova) and
# is stored in clear text here; treat it as a sample value and keep this file
# unreadable to other local users.
[database]

sql_connection = mysql://nova:nova@mysqlserver/nova

[image_file_url]

[baremetal]

[rpc_notifier2]

[matchmaker_redis]

[ssl]

[trusted_computing]

[upgrade_levels]

[matchmaker_ring]

[vmware]

[spice]

# Account nova uses when talking to keystone's admin port to validate tokens.
[keystone_authtoken]

auth_host = controller

auth_port = 35357

# NOTE(review): plain http — the service password and tokens cross the network
# unencrypted unless this traffic stays on an isolated management network.
auth_protocol = http

admin_user = nova

admin_tenant_name = service

# NOTE(review): the glance account on this page uses the same password
# ("service"), and both accounts are given the admin role; a distinct password
# per service limits what one leaked config file exposes.
admin_password = service

[root@controller01 ~]# vi /etc/nova/api-paste.ini

# NOTE(review): the page shows only these keys, not the section they belong
# to — presumably [filter:authtoken]; confirm against the packaged file.
# The values repeat nova.conf's [keystone_authtoken] credentials, so both
# files have to change together when the password is rotated.
auth_url = http://controller:35357/v2.0

auth_host = controller

auth_port = 35357

auth_protocol = http

admin_user = nova

admin_tenant_name = service

admin_password = service

(4).修改nova数据存储路径

[root@controller01 ~]# cp -av /var/lib/nova /openstack/

[root@controller01 ~]# chown -R nova:nova /openstack/nova

(5).同步nova数据库

[root@controller01 ~]# nova-manage db sync

(6).设置日志权限

[root@controller01 ~]# chown -R nova:nova /var/log/nova 

(7).修正nova bug

[root@controller01 ~]# vi /usr/lib/python2.6/site-packages/nova/wsgi.py

Bug:https://review.openstack.org/#/c/60838/3/nova/wsgi.py


(8).启动nova相关服务

[root@controller01 ~]# service libvirtd start

[root@controller01 ~]# chkconfig libvirtd on

[root@controller01 ~]# service messagebus start

[root@controller01 ~]# chkconfig messagebus on

[root@controller01 ~]# service openstack-nova-api start

[root@controller01 ~]# service openstack-nova-cert start

[root@controller01 ~]# service openstack-nova-consoleauth start

[root@controller01 ~]# service openstack-nova-scheduler start

[root@controller01 ~]# service openstack-nova-conductor start

[root@controller01 ~]# service openstack-nova-novncproxy start

[root@controller01 ~]# service openstack-nova-network start

[root@controller01 ~]# chkconfig openstack-nova-api on

[root@controller01 ~]# chkconfig openstack-nova-cert on

[root@controller01 ~]# chkconfig openstack-nova-consoleauth on

[root@controller01 ~]# chkconfig openstack-nova-scheduler on

[root@controller01 ~]# chkconfig openstack-nova-conductor on

[root@controller01 ~]# chkconfig openstack-nova-novncproxy on

[root@controller01 ~]# chkconfig openstack-nova-network on

(9).设置安全组规则

注：下面两条规则对任意来源地址（0.0.0.0/0）放行 SSH（tcp/22）和 ICMP；若实例可从外部网络访问，应将来源范围收紧到管理网段。

[root@controller01 ~]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

[root@controller01 ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0

(10).nova功能测试

[root@controller01 ~]# nova image-list

[root@controller01 ~]# nova network-create vmnet --fixed-range-v4=10.1.1.0/24 --bridge=br1 --bridge-interface=eth1 --multi-host=T --dns1=202.106.0.20 --dns2=202.96.69.38

[root@controller01 ~]# nova boot --flavor 2 --image centos6.4_20G vm-00