OpenStack Grizzly Multihost部署文档

OpenStack Grizzly Multihost部署文档

ukalpa

2013-8-27

OpenStack G版本的Multihost部署文档，参考了几位前辈的部署步骤，自己增加了一些变量修改，主要是希望搭建一个可用的生产环境，虽然版本比较初级，但是会逐渐完善

生产环境中部署OpenStack基本的要求的是稳定，安全和可扩展性，使用Multihost方式部署的好处是保证了网络的高可用，服务器数量捉急，所以选择mseknibilel的部署方式会比较纠结于控制节点和网络节点的资源浪费。所以本文档参考Longgeek的这篇文章，只做控制节点和计算节点，1个控制节点配多个计算节点，Quantum部署在计算节点上。

环境要求

先安装1个控制节点和1个计算节点，计算节点可以动态增加，只要将IP地址递增即可

节点类型	网卡配置
控制节点	eth0 (172.16.0.51), eth1 (59.65.233.231)
计算节点	eth0 (172.16.0.52), eth1 (10.10.10.52), eth2 (59.65.233.233)

第一次搭建的时候出了些问题，网卡端口和网络配置没一一映射，通过Linux的mii-tool指令，可以查看每个端口的连接情况

控制节点

 基本环境变量配置

1. export YS_CON_MANAGE_IP=172.16.0.51
2. export YS_CON_MANAGE_NETMASK=255.255.0.0
3. export YS_CON_EXT_IP=59.65.233.231
4. export YS_CON_EXT_NETMASK=255.255.255.0
5. export YS_CON_EXT_GATEWAY=59.65.233.254
6. export YS_CON_EXT_DNS=202.204.65.5
7. export YS_CON_SERVICE_ENDPOINT_IP=172.16.0.51
8. export YS_CON_MYSQL_USER=root
9. export YS_CON_MYSQL_PASS=123qwe
10. export ADMIN_PASSWORD=123qwe
11. export ADMIN_TOKEN=ceit
12. export OS_TENANT_NAME=admin
13. export OS_USERNAME=admin
14. export OS_PASSWORD=$ADMIN_PASSWORD
15. export OS_AUTH_URL="http://${YS_CON_MANAGE_IP}:5000/v2.0/"
16. export OS_REGION_NAME=RegionOne
17. export SERVICE_TOKEN=${AMDIN_TOKEN}
18. export SERVICE_ENDPOINT=http://${YS_CON_MANAGE_IP}:35357/v2.0/

网络设置

设置网卡信息

1. cat > /etc/network/interfaces << _EOF_
2. auto eth0
3. iface eth0 inet static
4. address $YS_CON_MANAGE_IP
5. netmask $YS_CON_MANAGE_NETMASK
6. auto eth1
7. iface eth1 inet static
8. address $YS_CON_EXT_IP
9. netmask $YS_CON_EXT_NETMASK
10. gateway $YS_CON_EXT_GATEWAY
11. dns-nameservers $YS_CON_EXT_DNS
12. _EOF_

重启网络服务

1. /etc/init.d/networking restart

添加源

添加Ubuntu Grizzly源，并升级

1. cat > /etc/apt/sources.list.d/grizzly.list << _EOF_
2. deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main
3. deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/grizzly main
4. _EOF_
5. apt-get update
6. apt-get -y upgrade --force-yes
7. apt-get install -y ubuntu-cloud-keyring --force-yes

安装MySQL和RabbitMQ

安装MySQL

1. export DEBIAN_FRONTEND=noninteractive
2. apt-get install -q -y mysql-server python-mysqldb
3. mysqladmin -u $YS_CON_MYSQL_USER password $YS_CON_MYSQL_PASS

修改/etc/mysql/my.cnf文件绑定地址从127.0.0.1到0.0.0.0，禁止 mysql 做域名解析，防止连接错误，然后重新启动mysql服务.

1. sed -i -e 's/127.0.0.1/0.0.0.0/g' -e '/skip-external-locking/a skip-name-resolve' /etc/mysql/my.cnf
2. /etc/init.d/mysql restart

安装 RabbitMQ

1. apt-get install -y rabbitmq-server --force-yes

时间同步NTP

安装NTP并配置以计算节点为同步时钟

1. apt-get install -y ntp
2. sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
3. service ntp restart

允许路由转发

开启路由转发

1. sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
2. sysctl net.ipv4.ip_forward=1

安装认证模块Keystone

安装认证模块Keystone

1. apt-get install -y keystone --force-yes

增加数据库连接权限

1. mysql -u$YS_CON_MYSQL_USER -p$YS_CON_MYSQL_PASS -e "
2. create database keystone;
3. grant all on keystone.* to 'keystone'@'%' identified by 'keystone';"

修改/etc/keystone/keystone.conf配置文件

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`
4. sed -i "/$pattern/c $line" /etc/keystone/keystone.conf;
5. done << _EOF_
6. admin_token = $ADMIN_TOKEN
7. token_format = UUID
8. debug = True
9. verbose = True
10. connection = mysql://keystone:keystone@${YS_CON_MANAGE_IP}/keystone
11. _EOF_

启用keystone然后同步数据库

1. service keystone restart
2. keystone-manage db_sync

导入keystone数据，如果剪切板有限制的话最好分两次粘贴

第一部分：

1. ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
2. SERVICE_PASSWORD=${ADMIN_PASSWORD:-password}
3. export SERVICE_TOKEN=$ADMIN_TOKEN
4. export SERVICE_ENDPOINT="http://${YS_CON_SERVICE_ENDPOINT_IP}:35357/v2.0"
5. SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
6. KEYSTONE_REGION=RegionOne
7. KEYSTONE_IP=$YS_CON_SERVICE_ENDPOINT_IP
8. SWIFT_IP=$YS_CON_SERVICE_ENDPOINT_IP
9. COMPUTE_IP=$KEYSTONE_IP
10. EC2_IP=$KEYSTONE_IP
11. GLANCE_IP=$KEYSTONE_IP
12. VOLUME_IP=$KEYSTONE_IP
13. QUANTUM_IP=$KEYSTONE_IP
14. get_id () {
15. echo `$@ | awk '/ id / { print $4 }'`
16. }
17. ADMIN_TENANT=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT tenant-create --name=admin)
18. SERVICE_TENANT=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT tenant-create --name=$SERVICE_TENANT_NAME)
19. DEMO_TENANT=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT tenant-create --name=demo)
20. INVIS_TENANT=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT tenant-create --name=invisible_to_admin)
21. ADMIN_USER=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-create --name=admin --pass="$ADMIN_PASSWORD" [email protected])
22. DEMO_USER=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-create --name=demo --pass="$ADMIN_PASSWORD" [email protected])
23. ADMIN_ROLE=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT role-create --name=admin)
24. KEYSTONEADMIN_ROLE=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT role-create --name=KeystoneAdmin)
25. KEYSTONESERVICE_ROLE=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT role-create --name=KeystoneServiceAdmin)
26. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $ADMIN_TENANT
27. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --user-id $ADMIN_USER --role-id $ADMIN_ROLE --tenant-id $DEMO_TENANT
28. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --user-id $ADMIN_USER --role-id $KEYSTONEADMIN_ROLE --tenant-id $ADMIN_TENANT
29. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --user-id $ADMIN_USER --role-id $KEYSTONESERVICE_ROLE --tenant-id $ADMIN_TENANT
30. MEMBER_ROLE=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT role-create --name=Member)
31. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $DEMO_TENANT
32. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --user-id $DEMO_USER --role-id $MEMBER_ROLE --tenant-id $INVIS_TENANT
33. NOVA_USER=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT [email protected])
34. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $ADMIN_ROLE
35. GLANCE_USER=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT [email protected])
36. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --tenant-id $SERVICE_TENANT --user-id $GLANCE_USER --role-id $ADMIN_ROLE
37. SWIFT_USER=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-create --name=swift --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT [email protected])
38. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --tenant-id $SERVICE_TENANT --user-id $SWIFT_USER --role-id $ADMIN_ROLE
39. RESELLER_ROLE=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT role-create --name=ResellerAdmin)

第二部分：

1. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --tenant-id $SERVICE_TENANT --user-id $NOVA_USER --role-id $RESELLER_ROLE
2. QUANTUM_USER=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT [email protected])
3. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --tenant-id $SERVICE_TENANT --user-id $QUANTUM_USER --role-id $ADMIN_ROLE
4. CINDER_USER=$(get_id keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id $SERVICE_TENANT [email protected])
5. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT user-role-add --tenant-id $SERVICE_TENANT --user-id $CINDER_USER --role-id ${ADMIN_ROLE}
6. KEYSTONE_ID=$(keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT service-create --name keystone --type identity --description 'OpenStack Identity'| awk '/ id / { print $4 }')
7. COMPUTE_ID=$(keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT service-create --name=nova --type=compute --description='OpenStack Compute Service'| awk '/ id / { print $4 }')
8. CINDER_ID=$(keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT service-create --name=cinder --type=volume --description='OpenStack Volume Service'| awk '/ id / { print $4 }')
9. GLANCE_ID=$(keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT service-create --name=glance --type=image --description='OpenStack Image Service'| awk '/ id / { print $4 }')
10. SWIFT_ID=$(keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT service-create --name=swift --type=object-store --description='OpenStack Storage Service' | awk '/ id / { print $4 }')
11. EC2_ID=$(keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT service-create --name=ec2 --type=ec2 --description='OpenStack EC2 service'| awk '/ id / { print $4 }')
12. QUANTUM_ID=$(keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT service-create --name=quantum --type=network --description='OpenStack Networking service'| awk '/ id / { print $4 }')

第三部分：

1. if [ "$KEYSTONE_WLAN_IP" != '' ];then
2. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$KEYSTONE_ID --publicurl http://"$KEYSTONE_WLAN_IP":5000/v2.0 --adminurl http://"$KEYSTONE_WLAN_IP":35357/v2.0 --internalurl http://"$KEYSTONE_WLAN_IP":5000/v2.0
3. fi
4. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$KEYSTONE_ID --publicurl http://"$KEYSTONE_IP":5000/v2.0 --adminurl http://"$KEYSTONE_IP":35357/v2.0 --internalurl http://"$KEYSTONE_IP":5000/v2.0
5. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$COMPUTE_ID --publicurl http://"$COMPUTE_IP":8774/v2/\$\(tenant_id\)s --adminurl http://"$COMPUTE_IP":8774/v2/\$\(tenant_id\)s --internalurl http://"$COMPUTE_IP":8774/v2/\$\(tenant_id\)s
6. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$CINDER_ID --publicurl http://"$VOLUME_IP":8776/v1/\$\(tenant_id\)s --adminurl http://"$VOLUME_IP":8776/v1/\$\(tenant_id\)s --internalurl http://"$VOLUME_IP":8776/v1/\$\(tenant_id\)s
7. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$GLANCE_ID --publicurl http://"$GLANCE_IP":9292/v2 --adminurl http://"$GLANCE_IP":9292/v2 --internalurl http://"$GLANCE_IP":9292/v2
8. if [ "$SWIFT_WLAN_IP" != '' ];then
9. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$SWIFT_ID --publicurl http://"$SWIFT_WLAN_IP":8080/v1/AUTH_\$\(tenant_id\)s --adminurl http://"$SWIFT_WLAN_IP":8080/v1 --internalurl http://"$SWIFT_WLAN_IP":8080/v1/AUTH_\$\(tenant_id\)s
10. fi
11. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$SWIFT_ID --publicurl http://"$SWIFT_IP":8080/v1/AUTH_\$\(tenant_id\)s --adminurl http://"$SWIFT_IP":8080/v1 --internalurl http://"$SWIFT_IP":8080/v1/AUTH_\$\(tenant_id\)s
12. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$EC2_ID --publicurl http://"$EC2_IP":8773/services/Cloud --adminurl http://"$EC2_IP":8773/services/Admin --internalurl http://"$EC2_IP":8773/services/Cloud
13. keystone --token $SERVICE_TOKEN --endpoint $SERVICE_ENDPOINT endpoint-create --region $KEYSTONE_REGION --service-id=$QUANTUM_ID --publicurl http://"$QUANTUM_IP":9696/ --adminurl http://"$QUANTUM_IP":9696/ --internalurl http://"$QUANTUM_IP":9696/

导入环境变量

1. cat > /root/tenantrc.sh << _EOF_
2. export OS_TENANT_NAME=admin
3. export OS_USERNAME=admin
4. export OS_PASSWORD=$ADMIN_PASSWORD
5. export OS_AUTH_URL="http://${YS_CON_MANAGE_IP}:5000/v2.0/"
6. export OS_REGION_NAME=RegionOne
7. export SERVICE_TOKEN=${AMDIN_TOKEN}
8. export SERVICE_ENDPOINT=http://${YS_CON_MANAGE_IP}:35357/v2.0/
9. _EOF_
10. echo 'source /root/export.sh' >> /root/.bashrc
11. source /root/export.sh

验证keystone

1. keystone user-list

安装镜像管理模块Glance

安装镜像管理模块Glance

1. apt-get install -y glance --force-yes

创建一个 glance 数据库并授权

1. mysql -u$YS_CON_MYSQL_USER -p$YS_CON_MYSQL_PASS -e "
2. create database glance;
3. grant all on glance.* to 'glance'@'%' identified by 'glance';"

更新 /etc/glance/glance-api.conf 文件

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`
4. sed -i "/$pattern/c $line" /etc/glance/glance-api.conf;
5. done << _EOF_
6. verbose = True
7. debug = True
8. sql_connection = mysql://glance:glance@${YS_CON_MANAGE_IP}/glance
9. workers = 4
10. registry_host = ${YS_CON_MANAGE_IP}
11. notifier_strategy = rabbit
12. rabbit_host = ${YS_CON_MANAGE_IP}
13. rabbit_userid = guest
14. rabbit_password = guest
15. auth_host = ${YS_CON_MANAGE_IP}
16. auth_port = 35357
17. auth_protocol = http
18. admin_tenant_name = service
19. admin_user = glance
20. admin_password = ${ADMIN_PASSWORD}
21. _EOF_
22. echo "config_file = /etc/glance/glance-api-paste.ini" >> /etc/glance/glance-api.conf
23. echo "flavor = keystone" >> /etc/glance/glance-api.conf

更新/etc/glance/glance-registry.conf文件

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`
4. sed -i "/$pattern/c $line" /etc/glance/glance-api.conf;
5. done << _EOF_
6. verbose = True
7. debug = True
8. sql_connection = mysql://glance:glance@${YS_CON_MANAGE_IP}/glance
9. auth_host = ${YS_CON_MANAGE_IP}
10. auth_port = 35357
11. auth_protocol = http
12. admin_tenant_name = service
13. admin_user = glance
14. admin_password = ${ADMIN_PASSWORD}
15. _EOF_
16. echo "config_file = /etc/glance/glance-api-paste.ini" >> /etc/glance/glance-api.conf
17. echo "flavor = keystone" >> /etc/glance/glance-api.conf

启动 glance-api 和 glance-registry 服务并同步到数据库：

1. /etc/init.d/glance-api restart
2. /etc/init.d/glance-registry restart
3. glance-manage version_control 0
4. glance-manage db_sync

测试 glance 的安装，上传一个镜像。下载 Cirros 镜像并上传:

1. wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
2. glance image-create --name='cirros' --public --container-format=ovf --disk-format=qcow2 < ./cirros-0.3.0-x86_64-disk.img

查看上传的镜像

1. glance image-list

安装块存储管理Cinder

安装块存储管理Cinder

1. apt-get install -y cinder-api cinder-common cinder-scheduler cinder-volume python-cinderclient iscsitarget open-iscsi iscsitarget-dkms --force-yes

配置 iscsi 并启动服务：

1. sed -i 's/false/true/g' /etc/default/iscsitarget
2. /etc/init.d/iscsitarget restart
3. /etc/init.d/open-iscsi restart

创建 cinder 数据库并授权用户访问：

1. mysql -u$YS_CON_MYSQL_USER -p$YS_CON_MYSQL_PASS -e "
2. create database cinder;
3. grant all on cinder.* to 'cinder'@'%' identified by 'cinder';"

修改 /etc/cinder/cinder.conf：

1. cat > /etc/cinder/cinder.conf << _EOF_
2. [DEFAULT]
3. verbose = True
4. debug = True
5. iscsi_helper = ietadm
6. auth_strategy = keystone
7. volume_group = cinder-volumes
8. volume_name_template = volume-%s
9. state_path = /var/lib/cinder
10. volumes_dir = /var/lib/cinder/volumes
11. rootwrap_config = /etc/cinder/rootwrap.conf
12. api_paste_config = /etc/cinder/api-paste.ini
13. rabbit_host = $YS_CON_MANAGE_IP
14. rabbit_password = guest
15. rpc_backend = cinder.openstack.common.rpc.impl_kombu
16. sql_connection = mysql://cinder:cinder@${YS_CON_MANAGE_IP}/cinder
17. osapi_volume_extension = cinder.api.contrib.standard_extensions
18. _EOF_

修改 /etc/cinder/api-paste.ini 文件末尾 filter:authtoken 字段

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`
4. sed -i "/$pattern/c $line" /etc/cinder/api-paste.ini;
5. done << _EOF_
6. service_host = ${YS_CON_MANAGE_IP}
7. service_port = 5000
8. auth_host = ${YS_CON_MANAGE_IP}
9. auth_port = 35357
10. auth_protocol = http
11. admin_tenant_name = service
12. admin_user = cinder
13. admin_password = ${ADMIN_PASSWORD}
14. signing_dir = /var/lib/cinder
15. _EOF_

创建一个卷组，命名为 cinder-volumes:

1. dd if=/dev/zero of=/opt/cinder-volumes bs=1 count=0 seek=5G
2. losetup /dev/loop2 /opt/cinder-volumes
3. fdisk /dev/loop2
4. #按下面步骤输入
5. n
6. p
7. 1
8. ENTER
9. ENTER
10. t
11. 8e
12. w

分区现在有了，创建物理卷和卷组

1. pvcreate /dev/loop2
2. vgcreate cinder-volumes /dev/loop2

这个卷组在系统重启会失效，把它写到 rc.local 中：

1. echo 'losetup /dev/loop2 /opt/cinder-volumes' >> /etc/rc.local

同步数据库并重启服务：

1. cinder-manage db sync
2. /etc/init.d/cinder-api restart
3. /etc/init.d/cinder-scheduler restart
4. /etc/init.d/cinder-volume restart

安装网络管理模块Quantum

安装 Quantum server 和 OpenVSwitch 包

1. apt-get install -y quantum-server quantum-plugin-openvswitch --force-yes

创建 quantum 数据库并授权用户访问：

1. mysql -u$YS_CON_MYSQL_USER -p$YS_CON_MYSQL_PASS -e "
2. create database quantum;
3. grant all on quantum.* to 'quantum'@'%' identified by 'quantum';"

编辑 /etc/quantum/quantum.conf 文件

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`
4. sed -i "/$pattern/c $line" /etc/quantum/quantum.conf;
5. done << _EOF_
6. debug = True
7. verbose = True
8. rabbit_host = ${YS_CON_MANAGE_IP}
9. rabbit_password = guest
10. rabbit_port = 5672
11. rabbit_userid = guest
12. auth_host = ${YS_CON_MANAGE_IP}
13. auth_port = 35357
14. auth_protocol = http
15. admin_tenant_name = service
16. admin_user = quantum
17. admin_password = ${ADMIN_PASSWORD}
18. signing_dir = /var/lib/quantum/keystone-signing
19. _EOF_

编辑 OVS 插件配置文件 /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`
4. sed -i "/$pattern/c $line" /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini;
5. done << _EOF_
6. sql_connection = mysql://quantum:quantum@${YS_CON_MANAGE_IP}/quantum
7. tenant_network_type = gre
8. enable_tunneling = True
9. tunnel_id_ranges = 1:1000
10. _EOF_

启动 quantum 服务：

1. /etc/init.d/quantum-server restart

安装虚拟化管理模块Nova

安装 Nova 相关软件包

1. apt-get install -y nova-api nova-cert novnc nova-conductor nova-consoleauth nova-scheduler nova-novncproxy --force-yes

创建 nova 数据库，授权 nova 用户访问它：

1. mysql -u$YS_CON_MYSQL_USER -p$YS_CON_MYSQL_PASS -e "
2. create database nova;
3. grant all on nova.* to 'nova'@'%' identified by 'nova';"

在 /etc/nova/api-paste.ini 中修改 autotoken 验证部分：

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`
4. sed -i "/$pattern/c $line" /etc/nova/api-paste.ini;
5. done << _EOF_
6. auth_host = ${YS_CON_MANAGE_IP}
7. auth_port = 35357
8. auth_protocol = http
9. admin_tenant_name = service
10. admin_user = nova
11. admin_password = ${ADMIN_PASSWORD}
12. signing_dir = /tmp/keystone-signing-nova
13. auth_version = v2.0
14. _EOF_

修改 /etc/nova/nova.conf， 类似下面这样：

1. cat > /etc/nova/nova.conf << _EOD_
2. [DEFAULT]
3. # LOGS/STATE
4. debug = False
5. verbose = True
6. logdir = /var/log/nova
7. state_path = /var/lib/nova
8. lock_path = /var/lock/nova
9. rootwrap_config = /etc/nova/rootwrap.conf
10. dhcpbridge = /usr/bin/nova-dhcpbridge
11. # SCHEDULER
12. compute_scheduler_driver = nova.scheduler.filter_scheduler.FilterScheduler
13. ## VOLUMES
14. volume_api_class = nova.volume.cinder.API
15. # DATABASE
16. sql_connection = mysql://nova:nova@${YS_CON_MANAGE_IP}/nova
17. # COMPUTE
18. libvirt_type = kvm
19. compute_driver = libvirt.LibvirtDriver
20. instance_name_template = instance-%08x
21. api_paste_config = /etc/nova/api-paste.ini
22. # COMPUTE/APIS: if you have separate configs for separate services
23. # this flag is required for both nova-api and nova-compute
24. allow_resize_to_same_host = True
25. # APIS
26. osapi_compute_extension = nova.api.openstack.compute.contrib.standard_extensions
27. ec2_dmz_host = ${YS_CON_MANAGE_IP}
28. s3_host = ${YS_CON_MANAGE_IP}
29. metadata_host = ${YS_CON_MANAGE_IP}
30. metadata_listen = 0.0.0.0
31. # RABBITMQ
32. rabbit_host = ${YS_CON_MANAGE_IP}
33. rabbit_password = guest
34. # GLANCE
35. image_service = nova.image.glance.GlanceImageService
36. glance_api_servers = ${YS_CON_MANAGE_IP}:9292
37. # NETWORK
38. network_api_class = nova.network.quantumv2.api.API
39. quantum_url = http://${YS_CON_MANAGE_IP}:9696
40. quantum_auth_strategy = keystone
41. quantum_admin_tenant_name = service
42. quantum_admin_username = quantum
43. quantum_admin_password = ${ADMIN_PASSWORD}
44. quantum_admin_auth_url = http://${YS_CON_MANAGE_IP}:35357/v2.0
45. service_quantum_metadata_proxy = True
46. libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
47. linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
48. firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
49. # NOVNC CONSOLE
50. novncproxy_base_url = http://${YS_CON_EXT_IP}:6080/vnc_auto.html
51. # Change vncserver_proxyclient_address and vncserver_listen to match each compute host
52. vncserver_proxyclient_address = ${YS_CON_EXT_IP}
53. vncserver_listen = 0.0.0.0
54. # AUTHENTICATION
55. auth_strategy = keystone
56. [keystone_authtoken]
57. auth_host = $YS_CON_MANAGE_IP
58. auth_port = 35357
59. auth_protocol = http
60. admin_tenant_name = service
61. admin_user = nova
62. admin_password = ${ADMIN_PASSWORD}
63. signing_dir = /tmp/keystone-signing-nova
64. _EOD_

同步数据库，启动 nova 相关服务：

1. nova-manage db sync
2. cd /etc/init.d/; for i in $( ls nova-* ); do sudo /etc/init.d/$i restart; done

检查 nova 相关服务笑脸

1. nova-manage service list

安装WEB控制模块Horizon

安装Horizon

1. apt-get install -y openstack-dashboard memcached --force-yes

如果你不喜欢 Ubuntu 的主题，可以禁用它，使用默认界面：

1. dpkg --purge openstack-dashboard-ubuntu-theme

重启apache2和memcache

1. service apache2 restart; service memcached restart

安装完成

现在可以通过浏览器 http://YS_CON_EXT_IP/horizon 使用 admin:ADMIN_PASSWORD 来登录界面。

所有计算节点

基本环境变量配置

1. export YS_CON_MANAGE_IP=172.16.0.51
2. export YS_CON_EXT_IP=59.65.233.231
3. export YS_COM_MANAGE_IP=172.16.0.52
4. export YS_COM_MANAGE_NETMASK=255.255.0.0
5. export YS_COM_DATA_IP=10.10.10.52
6. export YS_COM_DATA_NETMASK=255.255.255.0
7. export YS_COM_EXT_IP=59.65.233.233
8. export YS_COM_EXT_NETMASK=255.255.255.0
9. export YS_COM_EXT_GATEWAY=59.65.233.254
10. export YS_COM_EXT_DNS=202.204.65.5
11. export YS_COM_SERVICE_ENDPOINT_IP=172.16.0.52
12. export YS_COM_MYSQL_USER=root
13. export YS_COM_MYSQL_PASS=123qwe
14. export ADMIN_PASSWORD=123qwe
15. export ADMIN_TOKEN=ceit

网络设置

设置网卡信息

1. cat > /etc/network/interfaces << _EOF_
2. auto eth0
3. iface eth0 inet static
4. address $YS_COM_MANAGE_IP
5. netmask $YS_COM_MANAGE_NETMASK
6. auto eth1
7. iface eth0 inet static
8. address $YS_COM_DATA_IP
9. netmask $YS_COM_DATA_NETMASK
10. auto eth2
11. iface eth2 inet static
12. address $YS_COM_EXT_IP
13. netmask $YS_COM_EXT_NETMASK
14. gateway $YS_COM_EXT_GATEWAY
15. dns-nameservers $YS_COM_EXT_DNS
16. _EOF_

重启网络服务

1. /etc/init.d/networking restart

添加源

添加Ubuntu Grizzly源，并升级

1. cat > /etc/apt/sources.list.d/grizzly.list << _EOF_
2. deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/grizzly main
3. deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/grizzly main
4. _EOF_
5. apt-get update
6. apt-get -y upgrade --force-yes
7. apt-get install -y ubuntu-cloud-keyring

时间同步NTP

安装NTP并配置以计算节点为同步时钟

1. apt-get install -y ntp
2. sed -i 's/server ntp.ubuntu.com/server ${YS_CON_MANAGE_IP}/g' /etc/ntp.conf
3. service ntp restart

允许路由转发

开启路由转发

1. sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
2. sysctl net.ipv4.ip_forward=1

安装OpenVSwitch

安装OpenVSwitch，必须以下顺序

1. apt-get install -y openvswitch-datapath-source --force-yes
2. module-assistant auto-install openvswitch-datapath
3. apt-get install -y openvswitch-switch openvswitch-brcompat --force-yes

设置 ovs-brcompatd 启动：

1. sed -i 's/# BRCOMPAT=no/BRCOMPAT=yes/g' /etc/default/openvswitch-switch
2. echo 'brcompat' >> /etc/modules

启动 openvswitch-switch:

1. /etc/init.d/openvswitch-switch restart

再次启动,直到 ovs-brcompatd、ovs-vswitchd、ovsdb-server等服务都启动：

1. /etc/init.d/openvswitch-switch restart

直到检查出现：

1. lsmod | grep brcompat
2. brcompat 13512 0
3. openvswitch 84038 7 brcompat

如果还是启动不了的话，用下面命令：

1. /etc/init.d/openvswitch-switch force-reload-kmod

创建网桥：

1. ovs-vsctl add-br br-int # br-int 用于 vm 整合
2. ovs-vsctl add-br br-ex # br-ex 用于从互联网上访问 vm
3. ovs-vsctl add-port br-ex eth2 # br-ex 桥接到 eth2

做完上面操作后，如果用ssh连接到eth2的话一定会断开，到机器上修改配置文件：

1. ifconfig eth2 0
2. ifconfig br-ex ${YS_COM_EXT_IP}/24
3. route add default gw ${YS_COM_EXT_GATEWAY} dev br-ex
4. echo "nameserver ${YS_COM_EXT_DNS}" > /etc/resolv.conf
5. cat > /etc/network/interfaces << _EOF_
6. auto eth0
7. iface eth0 inet static
8. address $YS_COM_MANAGE_IP
9. netmask $YS_COM_MANAGE_NETMASK
10. auto eth1
11. iface eth0 inet static
12. address $YS_COM_DATA_IP
13. netmask $YS_COM_DATA_NETMASK
14. auto eth2
15. iface eth2 inet manual
16. up ifconfig \$IFACE 0.0.0.0 up
17. up ip link set \$IFACE promisc on
18. down ip link set \$IFACE promisc off
19. down ifconfig \$IFACE down
20. auto br-ex
21. iface br-ex inet static
22. address $YS_COM_EXT_IP
23. netmask $YS_COM_EXT_NETMASK
24. gateway $YS_COM_EXT_GATEWAY
25. dns-nameservers $YS_COM_EXT_DNS
26. _EOF_

重启网卡可能会出现：

1. /etc/init.d/networking restart
2. RTNETLINK answers: File exists
3. Failed to bring up br-ex.

br-ex 可能有 ip 地址，但没有网关和 DNS，需要手工配置一下，或者重启机器. 重启机器后就正常了

文档更新：发现网络节点的 eth2 网卡在系统重启后没有激活，写入到 rc.local中:

1. echo 'ifconfig eth2 up' >> /etc/rc.local

查看桥接的网络

1. ovs-vsctl list-br
2. ovs-vsctl show

安装网络管理组件Quantum

安装 Quantum openvswitch agent, metadata-agent l3 agent 和 dhcp agent

1. apt-get install -y quantum-plugin-openvswitch-agent quantum-dhcp-agent quantum-l3-agent quantum-metadata-agent --force-yes

编辑 /etc/quantum/quantum.conf 文件：

1. while read line;
2. do
3. pattern=`echo $line | awk '{printf "%s %s",$1,$2}'`<%

文章来源 ： http://www.openstack.cn/p203.html