OpenStack Folsom安装

 

上周Redhat已经发布了Folsom的预览版本，现在算是搞明白，如果你是使用RHEL，他专门有一个源，可以让你安装Openstack。如果你使用的是CentOS，那么你就使用EPEL就可以。这两个基本是一样的。

Redhat版本的Openstack，还是有不少特色

1. 提供Essex升级Folsom，这是很难得，升级也不算复杂
2. 通过了一个工具，专门配置Openstack，可以省去到处改配置文件
3. 文档比Ubuntu完善很多，目前为止，我还没看到过Ubuntu官方任何关于Openstack的安装方面的资料
4. 目前Quantum，只能支持linux Bridge插件,还不支持Openvswith
5. 使用qpid，替换RabbitMQ
6. Folsom明确只能在Centos6.3版本安装

我的文档是参考http://d.hatena./enakai00/20121118/1353226066

结合redhat官方的文档

文档修改记录

2012年11月21日: 文档目前处于草稿阶段，大家最好直接看原文。

 

Contents [hide]

• 1 系统要求
• 2 控制节点
  • 2.1 初始化设置
    • 2.1.1 EPEL源
    • 2.1.2 网络相关设置
    • 2.1.3 Iptables
• 3 环境变量
• 4 QPID
• 5 Keystone
• 6 Glance
• 7 Cinder
• 8 Nova
• 9 Quantum
• 10 Horizon

系统要求

1. CentOS 6.3
2. 双网卡
3. 一个单独的分区，cinder-volume使用
4. 关闭Selinux

控制节点

初始化设置

EPEL源

我们需要启用EPEL源

rpm -ivh http://mirrors.sohu.com/fedora-epel/6/i386/epel-release-6-7.noarch.rpm

网络相关设置

eth0，是静态IP，可以访问外网。

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
HWADDR=00:E0:81:D8:43:BE
TYPE=Ethernet
BOOTPROTO=static
IPADDR=10.1.199.6
NETMASK=255.255.255.0

eth1设置

cat > /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
DEVICE=eth1
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
EOF

Iptables

我已经禁用的Selinux

chkconfig iptables off
service iptables stop

由于目前包有bug，需要

cat > /etc/sysconfig/modules/openstack-quantum-linuxbridge.modules << EOF
#!/bin/sh

modprobe -b bridge >/dev/null 2>&1

exit 0
EOF

设置文件权限

chmod ugo+x /etc/sysconfig/modules/openstack-quantum-linuxbridge.modules

修改 /etc/sysctl.conf

net.ipv4.ip_forward = 1

Redhat配置Openstack工具

yum install openstack-utils dnsmasq-utils

重启机器

环境变量

我这种方式设置环境变量，只是为了保证安装比较简单和成功，有时候会可能会让你有点误解。详细的理解大家可以参考原文，这里的设置和原文有点不一样。

创建目录

mkdir /root/work

创建环境变量文件，你可以根据你的需求，修改相关的密码。

cat >/root/work/novarc <<EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export MYSQL_PASS=password
export SERVICE_PASSWORD=password
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=$(openssl rand -hex 10)
export MASTER="$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF

变量生效

source /root/work/novarc

生成token文件

echo $SERVICE_TOKEN > /root/work/ks_admin_token

QPID

这是Redhat替换RabbitMQ，这里设置是不需要身份验证就可以直接使用。

yum install qpid-cpp-server
sed -i -e 's/auth=.*/auth=no/g' /etc/qpidd.conf
chkconfig qpidd on
service qpidd start

Keystone

安装keystone的时候，会同时把mysql安装，需要设置root的密码，我这里设置是 password

yum install openstack-keystone
openstack-db --init --service keystone

设置

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
chkconfig openstack-keystone on
service openstack-keystone start

添加admin 租户，角色和用户

keystone user-create --name admin --pass $OS_PASSWORD
keystone role-create --name admin
keystone tenant-create --name admin
user=$(keystone user-list | awk '/admin/ {print $2}')
role=$(keystone role-list | awk '/admin/ {print $2}')
tenant=$(keystone tenant-list | awk '/admin/ {print $2}')
keystone user-role-add --user-id $user --role-id $role --tenant-id $tenant

设置keystone Endpoint

keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
service=$(keystone service-list | awk '/keystone/ {print $2}')
keystone endpoint-create --region RegionOne   --service_id $service   --publicurl 'http://'"$MASTER"':5000/v2.0'   --adminurl 'http://127.0.0.1:35357/v2.0'   --internalurl 'http://127.0.0.1:5000/v2.0'

创建一个用户 chenhsake, 属于user的角色，属于Redhat的租户

keystone user-create --name chenshake --pass chenshake
keystone role-create --name user
keystone tenant-create --name redhat
user=$(keystone user-list | awk '/chenshake/ {print $2}')
role=$(keystone role-list | awk '/user/ {print $2}')
tenant=$(keystone tenant-list | awk '/redhat/ {print $2}')
keystone user-role-add --user-id $user --role-id $role --tenant-id $tenant

检查

ps -ef | grep -i keystone-all
grep ERROR /var/log/keystone/keystone.log

Glance

安装

yum install openstack-glance
openstack-db --init --service glance

设置

openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api-paste.ini filter:authtoken admin_token $SERVICE_TOKEN
openstack-config --set /etc/glance/glance-registry-paste.ini filter:authtoken admin_token $SERVICE_TOKEN

启动服务

chkconfig openstack-glance-registry on
chkconfig openstack-glance-api on
service openstack-glance-registry start
service openstack-glance-api start

glance在Keystone的Endpoint

keystone service-create --name=glance --type=image --description="Glance Image Service"
service=$(keystone service-list | awk '/glance/ {print $2}')
keystone endpoint-create --service_id $service   --publicurl 'http://'"$MASTER"':9292/v1'   --adminurl http://127.0.0.1:9292/v1 \
  --internalurl http://127.0.0.1:9292/v1

Cinder

安装

yum install openstack-cinder
openstack-db --init --service cinder

分区

umount /dev/sda2
pvcreate /dev/sda2
vgcreate cinder-volumes /dev/sda2

去掉分区挂载，这个是因为我安装os的时候，专门有一个分区 nova volume. 如果不去掉，会导致重启有麻烦

sed -i '/nova-volume/s/^/#/' /etc/fstab

设置

openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/api-paste.ini filter:authtoken admin_token $SERVICE_TOKEN
grep -q /etc/cinder/volumes /etc/tgt/targets.conf || sed -i '1iinclude /etc/cinder/volumes/*' /etc/tgt/targets.conf

服务

chkconfig tgtd on
service tgtd start
chkconfig openstack-cinder-api on
chkconfig openstack-cinder-scheduler on
chkconfig openstack-cinder-volume on
service openstack-cinder-api start
service openstack-cinder-scheduler start
service openstack-cinder-volume start

Cinder在Keystone的Endpoint

keystone service-create --name=cinder --type=volume --description="Cinder Volume Service"
service=$(keystone service-list | awk '/cinder/ {print $2}')
keystone endpoint-create --service_id $service   --publicurl "http://'"$MASTER"':8776/v1/\$(tenant_id)s"   --adminurl "http://127.0.0.1:8776/v1/\$(tenant_id)s"   --internalurl "http://127.0.0.1:8776/v1/\$(tenant_id)s"

检查

grep -i ERROR /var/log/cinder/*
grep CRITICAL /var/log/cinder/*
tail -f /var/log/cinder/*.log

Nova

安装

目前包的依赖关系有点问题，所以需要先安装qemu-img的包

yum install qemu-img
yum install openstack-nova
openstack-db --init --service nova

配置

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/api-paste.ini filter:authtoken admin_token $SERVICE_TOKEN
openstack-config --set /etc/nova/nova.conf DEFAULT flat_interface eth1
openstack-config --set /etc/nova/nova.conf DEFAULT public_interface eth0
openstack-config --set /etc/nova/nova.conf DEFAULT volume_api_class nova.volume.cinder.API
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis ec2,osapi_compute,metadata

服务

chkconfig openstack-nova-api on
chkconfig openstack-nova-cert on
chkconfig openstack-nova-objectstore on
chkconfig openstack-nova-scheduler on
service openstack-nova-api start
service openstack-nova-cert start
service openstack-nova-objectstore start
service openstack-nova-scheduler start

Nova在Keystone的Endpoint

keystone service-create --name=nova --type=compute --description="Nova Compute Service"
service=$(keystone service-list | awk '/nova/ {print $2}')
keystone endpoint-create --service_id $service   --publicurl "http://'"$MASTER"':8774/v1.1/\$(tenant_id)s"   --adminurl "http://127.0.0.1:8774/v1.1/\$(tenant_id)s"   --internalurl "http://127.0.0.1:8774/v1.1/\$(tenant_id)s"

Quantum

安装的时候,会提示你那个网卡设置vlan trunk,我们这里是eth1

yum install openstack-quantum openstack-quantum-linuxbridge gedit
quantum-server-setup --plugin linuxbridge

编辑 /usr/lib/python2.6/site-packages/quantum/agent/linux/iptables_manager.py ,这是目前包的一个bug

272 #        s = [('/sbin/iptables', self.ipv4)]
    273         s = [('iptables', self.ipv4)]

服务

chkconfig quantum-server on
service quantum-server start

Setup and start L2 agent (LinuxBridge plugin)

quantum-node-setup --plugin linuxbridge

会提示quantum服务器的Hostname,直接填写IP就可以。.

配置

openstack-config --set /etc/quantum/plugin.ini VLANS tenant_network_type vlan
openstack-config --set /etc/quantum/plugin.ini VLANS network_vlan_ranges physnet1,physnet2:100:199
openstack-config --set /etc/quantum/plugin.ini LINUX_BRIDGE physical_interface eth0,eth1
openstack-config --set /etc/quantum/plugin.ini LINUX_BRIDGE physical_interface_mappings physnet1:eth0,physnet2:eth1

启动服务

chkconfig quantum-linuxbridge-agent on
service quantum-linuxbridge-agent start

设置dhcp agent

# quantum-dhcp-setup --plugin linuxbridge
Quantum plugin: linuxbridge
Please enter the Quantum hostname:
10.1.199.6
Configuration updates complete!

 

服务

chkconfig quantum-dhcp-agent on
service quantum-dhcp-agent start

Setup and start L3 agent.

quantum-l3-setup --plugin linuxbridge
chkconfig quantum-l3-agent on
service quantum-l3-agent start

Quantum在Keystone的Endpoint

keystone service-create --name quantum --type network --description 'OpenStack Networking Service'
service=$(keystone service-list | awk '/quantum/ {print $2}')
keystone endpoint-create        --service-id $service        --publicurl "http://'"$MASTER"':9696/" --adminurl "http://127.0.0.1:9696/"        --internalurl "http://127.0.0.1:9696/"

创建quantum 服务用户，我的理解是目前quantum还无法支持使用token去验证

keystone user-create --name quantum --pass $SERVICE_PASSWORD
keystone tenant-create --name service
user=$(keystone user-list | awk '/quantum/ {print $2}')
role=$(keystone role-list | awk '/admin/ {print $2}')
tenant=$(keystone tenant-list | awk '/service/ {print $2}')
keystone user-role-add --user-id $user --role-id $role --tenant-id $tenant

nova支持quantum

openstack-config --set /etc/nova/nova.conf DEFAULT quantum_admin_username quantum
openstack-config --set /etc/nova/nova.conf DEFAULT  quantum_admin_password $SERVICE_PASSWORD
openstack-config --set /etc/nova/nova.conf DEFAULT  quantum_admin_tenant_name service

重启服务

service openstack-nova-api restart
service openstack-nova-cert restart
service openstack-nova-objectstore restart
service openstack-nova-scheduler restart

Horizon

yum install openstack-dashboard
chkconfig httpd on
service httpd start