install openstack essex
I: install ubuntu
config /etc/nova/nova.conf
Change
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
to
admin_tenant_name = openstackDemo
admin_user = adminUser
admin_password = secretword
restart nova
1:download ubuntu 12.04
http://releases.ubuntu.com//precise/ubuntu-12.04-beta2-server-amd64.iso
2:install OS
apt-get update
apt-get upgrade
3:sudo -i
4:networking
These instructions are for using the FlatDHCP networking mode with a single network interface. More complex configurations are described in the networking section, but this configuration is known to work.
First, setup your /etc/network/interfaces file with these settings:
eth0: public IP, gateway
br100: no ports, stp off, fd 0, first address from fixed_range set in nova.conf files.
Here's an example:
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 172.17.142.16
    netmask 255.255.0.0

# Bridge network interface for VM networks
auto br100
iface br100 inet static
    address 192.168.100.1
    netmask 255.255.255.0
    bridge_stp off
    bridge_fd 0
5:install bridge
Also install bridge-utils:
sudo apt-get install bridge-utils
Ensure that you set up the bridge, although if you use --flat_network_bridge=br100 in your nova.conf file, nova will set up the bridge for you when you run the nova-manage network command.
sudo brctl addbr br100
/etc/init.d/networking restart
6:NTP
sudo apt-get install -y ntp
Set up the NTP server on your controller node so that it receives data by modifying the ntp.conf file and restarting the service.
sudo sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
sudo service ntp restart
7:install rabbitmq
sudo apt-get install rabbitmq-server memcached python-memcache
sudo apt-get install kvm libvirt-bin
II: install and config keystone
1:install keystone
sudo apt-get install keystone
After installing, you need to delete the sqlite database it creates, then change the configuration to point to a MySQL database. This configuration enables easier scaling scenarios since you can bring up multiple Keystone front ends when needed, and configure them all to point back to the same database. Plus a database backend has built-in data replication features and documentation surrounding high availability and data redundancy configurations.
Delete the keystone.db file created in the /var/lib/keystone/ directory.
sudo rm /var/lib/keystone/keystone.db
2:Configure the production-ready backend data store rather than using the catalog supplied by default, for the ability to back up the service and endpoint data. This example shows MySQL. First, install MySQL with:
During the install, you'll be prompted for the mysql root password. Enter a password of your choice and verify it.
Edit /etc/mysql/my.cnf to change "bind-address" from localhost (127.0.0.1) to any (0.0.0.0) and restart the mysql service:
sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
sudo service mysql restart
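Added example (not part of the original guide): the sed command above is unanchored, so it rewrites every 127.0.0.1 in my.cnf and exposes MySQL on all interfaces. The sketch below compares it with an edit limited to the bind-address line. The sample my.cnf is constructed, and binding to 172.17.142.16 assumes the single-controller layout used on this page.

```sh
#!/bin/sh
# Constructed sample my.cnf. The [client] host line is an assumption, added to
# show a second place where 127.0.0.1 can legitimately appear.
sample_my_cnf() {
    cat <<'EOF'
[client]
host = 127.0.0.1
port = 3306

[mysqld]
port = 3306
bind-address = 127.0.0.1
EOF
}

# The guide's substitution, reading stdin and writing stdout instead of
# editing in place. Every 127.0.0.1 on every line becomes 0.0.0.0.
rewrite_all_loopback() {
    sed 's/127.0.0.1/0.0.0.0/g'
}

# Anchored alternative: only the bind-address line changes, and it is set to
# one explicit IPv4 address rather than to every interface.
set_bind_address() {
    addr=$1
    # Accept only a dotted quad so the value can be spliced into the sed script.
    if ! printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "set_bind_address: not an IPv4 address: $addr" >&2
        return 2
    fi
    sed "s/^\([[:space:]]*bind-address[[:space:]]*=[[:space:]]*\).*/\1$addr/"
}

# Count the lines on stdin that differ from the untouched sample.
changed_lines() {
    before=$(mktemp)
    after=$(mktemp)
    sample_my_cnf > "$before"
    cat > "$after"
    n=$(diff "$before" "$after" | grep -c '^>' || true)
    rm -f "$before" "$after"
    echo "$n"
}

echo "global substitution changes: $(sample_my_cnf | rewrite_all_loopback | changed_lines) lines"
echo "anchored edit changes:       $(sample_my_cnf | set_bind_address 172.17.142.16 | changed_lines) line"
```

To apply the anchored form to the real file, redirect the output to a temporary file, review it, and move it into place before restarting mysql.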
For MySQL, create a MySQL database named "keystone" and a MySQL user named "keystone". Grant the "keystone" user full access to the "keystone" MySQL database.
Start the mysql command line client by running:
mysql -u root -p
Enter the mysql root user's password when prompted.
To configure the MySQL database, create the keystone database.
mysql> CREATE DATABASE keystone;
Create a MySQL user for the newly-created keystone database that has full control of the keystone database.
mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
Enter quit at the mysql> prompt to exit MySQL.
mysql> quit
Once Keystone is installed, it is configured via a primary configuration file (/etc/keystone/keystone.conf), and by initializing data into keystone using the command line client. By default, Keystone's data store is sqlite. To change the data store to mysql, change the line defining "connection" in /etc/keystone/keystone.conf like so:
connection = mysql://keystone:password@172.17.142.16/keystone
Next, restart the keystone service so that it picks up the new database configuration.
sudo service keystone restart
Lastly, initialize the new keystone database:
sudo keystone-manage db_sync
3:Configuring Services to work with Keystone
Once Keystone is installed and running, you set up users and tenants and services to be configured to work with it.
Setting up tenants, users, and roles
First, create a default tenant; we'll name it openstackDemo in this example.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 tenant-create --name openstackDemo --description "Default Tenant" --enabled true
id: 3ef84ab0a0a54c138fc7e49b0d81c94b
Create a default user named adminUser.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-create --tenant_id 3ef84ab0a0a54c138fc7e49b0d81c94b --name adminUser --pass secretword --enabled true
id: ba7accd4c25b40c195b39e608ac3d174
Create the default roles, admin and memberRole.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 role-create --name admin
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 role-create --name memberRole
Grant the admin role to the adminUser user in the openstackDemo tenant with "user-role-add".
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-role-add --user ba7accd4c25b40c195b39e608ac3d174 --tenant_id 3ef84ab0a0a54c138fc7e49b0d81c94b --role 9f1d765a94e44b44bb74e305be18f0e9
Create a Service Tenant. This tenant contains all the services that we make known to the service catalog.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 tenant-create --name service --description "Service Tenant" --enabled true
id: 35ce308126cd4765b307c59675803047
Create a Glance Service User in the Service Tenant. You'll do this for any service you add to be in the Keystone service catalog.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-create --tenant_id 35ce308126cd4765b307c59675803047 --name glance --pass glance --enabled true
Grant the admin role to the glance user in the service tenant.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-role-add --user 101b09bb42d745289f62726caf5bbc0a --tenant_id 35ce308126cd4765b307c59675803047 --role 9f1d765a94e44b44bb74e305be18f0e9
Create a Nova Service User in the Service Tenant.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-create --tenant_id 35ce308126cd4765b307c59675803047 --name nova --pass nova --enabled true
id: ed90a7e355154c61b6757042284171f3
Grant the admin role to the nova user in the service tenant.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-role-add --user ed90a7e355154c61b6757042284171f3 --tenant_id 35ce308126cd4765b307c59675803047 --role 9f1d765a94e44b44bb74e305be18f0e9
Create an EC2 Service User in the Service Tenant.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-create --tenant_id 35ce308126cd4765b307c59675803047 --name ec2 --pass ec2 --enabled true
id: 345a5740fb8f440f924c9337df2a4f60
Grant the admin role to the ec2 user in the service tenant.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 user-role-add --user 345a5740fb8f440f924c9337df2a4f60 --tenant_id 35ce308126cd4765b307c59675803047 --role 9f1d765a94e44b44bb74e305be18f0e9
Defining Services
While using a template file is simpler, it is not recommended except for development environments such as DevStack, as a database backend can provide better reliability, availability, and data redundancy. This section describes how to populate the Keystone service catalog using the database backend. Your /etc/keystone/keystone.conf file should contain the following lines if it is properly configured to use the database backend.
[catalog]
driver = keystone.catalog.backends.sql.Catalog
Elements of a Keystone service catalog entry
For each service in the catalog, you must perform two keystone operations:

Use the keystone service-create command to create a database entry for the service, with the following attributes:
    --name
        Name of the service (e.g., nova, ec2, glance, keystone)
    --type
        Type of service (e.g., compute, ec2, image, identity)
    --description
        A description of the service (e.g., "Nova Compute Service")

Use the keystone endpoint-create command to create a database entry that describes how different types of clients can connect to the service, with the following attributes:
    --region
        The region name you've given to the OpenStack cloud you are deploying (e.g., RegionOne)
    --service_id
        The ID field returned by the keystone service-create (e.g., 935fd37b6fa74b2f9fba6d907fa95825)
    --publicurl
        The URL of the public-facing endpoint for the service (e.g., http://192.168.206.130:9292/v1 or http://192.168.206.130:8774/v2/eb7e0c10a99446cfa14c244374549e9d)
    --internalurl
        The URL of an internal-facing endpoint for the service. This typically has the same value as publicurl.
    --adminurl
        The URL for the admin endpoint for the service. The Keystone and EC2 services use different endpoints for adminurl and publicurl, but for other services these endpoints will be the same.
Creating keystone services and service endpoint
Here we define the services and their endpoints.
Define the Identity service
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 service-create --name=keystone --type=identity --description="Keystone Identity Service"
id: c99346ffaa2645628759c35ec411aa0c
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=c99346ffaa2645628759c35ec411aa0c --publicurl=http://172.17.142.16:5000/v2.0 --internalurl=http://172.17.142.16:5000/v2.0 --adminurl=http://172.17.142.16:35357/v2.0
id: a5d993f867c344c1a67f46d526ed2ac5
Define the Compute service, which requires a separate endpoint for each tenant. Here we use the service tenant from the previous section:
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 service-create --name=nova --type=compute --description="Nova Compute Service"
id: 6e350ce6b61c48f188741ca901f0fb40
TENANT=35ce308126cd4765b307c59675803047
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=6e350ce6b61c48f188741ca901f0fb40 --publicurl="http://172.17.142.16:8774/v2/$TENANT" --internalurl="http://172.17.142.16:8774/v2/$TENANT" --adminurl="http://172.17.142.16:8774/v2/$TENANT"
id: a41aa47fac3049fc8ab9b4151a1b6743
Define the Volume service, which also requires a separate endpoint for each tenant.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 service-create --name=volume --type=volume --description="Nova Volume Service"
id: 0107e943ad4d4d5880413d1af5be5433
TENANT=35ce308126cd4765b307c59675803047
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=0107e943ad4d4d5880413d1af5be5433 --publicurl="http://172.17.142.16:8776/v1/$TENANT" --internalurl="http://172.17.142.16:8776/v1/$TENANT" --adminurl="http://172.17.142.16:8776/v1/$TENANT"
id: fc4a51300614468eb52388ba3da394df
Define the Image service:
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 service-create --name=glance --type=image --description="Glance Image Service"
id: 068910fb63a6444cb76a4cc617631f3b
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=068910fb63a6444cb76a4cc617631f3b --publicurl=http://172.17.142.16:9292/v1 --internalurl=http://172.17.142.16:9292/v1 --adminurl=http://172.17.142.16:9292/v1
id: 657f68588a264136b0ba1c4f6ba2bc74
Define the EC2 compatibility service:
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer"
id: 4a4d7ad61d5741f895523e1aa4a9ef84
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=4a4d7ad61d5741f895523e1aa4a9ef84 --publicurl=http://172.17.142.16:8773/services/Cloud --internalurl=http://172.17.142.16:8773/services/Cloud --adminurl=http://172.17.142.16:8773/services/Admin
id: 92cd888900ad4890a0fc408e8f0304ef
Next, create an endpoint for each service you just created using the id values returned by each service-create command. Here's an example for the nova service endpoint.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=6e350ce6b61c48f188741ca901f0fb40 --publicurl http://172.17.142.16:8774/v2 --adminurl http://172.17.142.16:8774/v2 --internalurl http://172.17.142.16:8774/v2
id: e2da6e22147943c0ae76a5953750f991
Substitute the service IDs for each in the --service_id parameter, and ensure the URLs contain correct port values and the correct version number of the API.
For the Image service, here's the command, though you need to substitute the service_id with the id received from the results of the keystone service-create command.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=068910fb63a6444cb76a4cc617631f3b --publicurl http://172.17.142.16:9292/v1 --adminurl http://172.17.142.16:9292/v1 --internalurl http://172.17.142.16:9292/v1
id: af155d9fe237499189fe029312ce83ea
For the volume service, use commands like the following.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=0107e943ad4d4d5880413d1af5be5433 --publicurl http://172.17.142.16:8776/v1 --adminurl http://172.17.142.16:8776/v1 --internalurl http://172.17.142.16:8776/v1
id: 7a1ca989c6da49b58fd56f28925a6bb6
For the EC2 compatibility layer, use commands like the following.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=4a4d7ad61d5741f895523e1aa4a9ef84 --publicurl http://172.17.142.16:8773/services/Cloud --adminurl http://172.17.142.16:8773/services/Admin --internalurl http://172.17.142.16:8773/services/Cloud
id: 87d047da397f468cb124bc51f82a6554
For the Identity service you also create an endpoint.
keystone --token 012345SECRET99TOKEN012345 --endpoint http://172.17.142.16:35357/v2.0 endpoint-create --region RegionOne --service_id=c99346ffaa2645628759c35ec411aa0c --publicurl http://172.17.142.16:5000/v2.0 --adminurl http://172.17.142.16:35357/v2.0 --internalurl http://172.17.142.16:5000/v2.0
id: 1f70fff0fc214792882415d9ef9d5b18
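Added example (not part of the original guide): ids pasted by hand between service-create and endpoint-create are easy to mix up, and the admin port 35357 can end up in a publicurl. This sketch audits a catalog listing for both mistakes. The "service"/"endpoint" record format and the sample records are constructed for the example (they reuse ids and ports from this page); the format is not keystone CLI output.

```sh
#!/bin/sh
# Reads records on stdin, one per line:
#   service  <service_id> <type>
#   endpoint <service_id> <publicurl>
# Prints one finding per suspicious endpoint and returns 1 if any were found.
audit_catalog() {
    awk '
    BEGIN {
        # Public API ports used in this guide, keyed by service type.
        port["identity"] = 5000; port["compute"] = 8774
        port["volume"]   = 8776; port["image"]   = 9292
        port["ec2"]      = 8773
        admin_port = 35357      # Keystone admin API port
    }
    # Return the numeric port of a URL, or 0 when it has none.
    function url_port(url,    rest) {
        rest = url
        sub(/^[a-z]+:\/\//, "", rest)   # drop the scheme
        sub(/\/.*$/, "", rest)          # drop the path
        if (rest !~ /:/) return 0
        sub(/^.*:/, "", rest)           # keep what follows the last colon
        return rest + 0
    }
    $1 == "service"  { type[$2] = $3 }
    $1 == "endpoint" { n++; sid[n] = $2; pub[n] = $3 }
    END {
        for (i = 1; i <= n; i++) {
            p = url_port(pub[i])
            if (!(sid[i] in type)) {
                printf "UNKNOWN_SERVICE service_id=%s publicurl=%s\n", sid[i], pub[i]
                bad++
            } else if (p == admin_port) {
                printf "ADMIN_PORT_PUBLIC type=%s publicurl=%s\n", type[sid[i]], pub[i]
                bad++
            } else if ((type[sid[i]] in port) && p != port[type[sid[i]]]) {
                printf "PORT_MISMATCH type=%s expected=%d publicurl=%s\n", type[sid[i]], port[type[sid[i]]], pub[i]
                bad++
            }
        }
        exit (bad > 0)
    }'
}

# Constructed sample: one correct compute endpoint, a volume URL filed under
# the identity service id, an identity endpoint published on the admin port,
# and one correct identity endpoint.
sample_catalog() {
    cat <<'EOF'
service c99346ffaa2645628759c35ec411aa0c identity
service 6e350ce6b61c48f188741ca901f0fb40 compute
service 0107e943ad4d4d5880413d1af5be5433 volume
endpoint 6e350ce6b61c48f188741ca901f0fb40 http://172.17.142.16:8774/v2/35ce308126cd4765b307c59675803047
endpoint c99346ffaa2645628759c35ec411aa0c http://172.17.142.16:8776/v1/35ce308126cd4765b307c59675803047
endpoint c99346ffaa2645628759c35ec411aa0c http://172.17.142.16:35357/v2.0
endpoint c99346ffaa2645628759c35ec411aa0c http://172.17.142.16:5000/v2.0
EOF
}

sample_catalog | audit_catalog || echo "catalog needs review"
```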
Verifying the Identity Service Installation
Install curl, a command-line tool for running REST API requests, along with openssl to meet a dependency requirement:
sudo apt-get install curl openssl
Here is a curl command you can use to ensure that the Identity service is working:
curl -d '{"auth": {"tenantName": "adminTenant", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://172.17.142.16:35357/v2.0/tokens | python -mjson.tool
You can also get a token that expires in 24 hours using the adminUser account:
curl -d '{"auth": {"tenantName": "openstackDemo", "passwordCredentials":{"username": "adminUser", "password": "secretword"}}}' -H "Content-type: application/json" http://172.17.142.16:35357/v2.0/tokens | python -mjson.tool
III: install and config glance
1:install glance
sudo apt-get install glance glance-api glance-client glance-common glance-registry python-glance
Delete the glance.sqlite file created in the /var/lib/glance/ directory.
sudo rm /var/lib/glance/glance.sqlite
2:Configuring the Image Service database backend
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
quit
Update /etc/glance/glance-api-paste.ini, configure the admin_* values under
[filter:authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = glance
Update /etc/glance/glance-registry-paste.ini, configure the admin_*
[filter:authtoken]
admin_tenant_name = service
admin_user = glance
admin_password = glance
2: config /etc/glance/glance-registry.conf
sql_connection = mysql://glance:password@172.17.142.16/glance
[paste_deploy]
flavor = keystone
3: config /etc/glance/glance-api.conf
[paste_deploy]
flavor = keystone
Obtain a test image.
mkdir /tmp/images
cd /tmp/images/
wget http://smoser.brickies.net/ubuntu/ttylinux-uec/ttylinux-uec-amd64-12.1_2.6.35-22_1.tar.gz
tar -zxvf ttylinux-uec-amd64-12.1_2.6.35-22_1.tar.gz
Upload the kernel.
glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 add name="tty-linux-kernel" disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
Upload the initrd.
glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 add name="tty-linux-ramdisk" disk_format=ari container_format=ari < ttylinux-uec-amd64-12.1_2.6.35-22_1-loader
Upload the image.
glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 add name="tty-linux" disk_format=ami container_format=ami kernel_id=599907ff-296d-4042-a671-d015e34317d2 ramdisk_id=7d9f0378-1640-4e43-8959-701f248d999d < ttylinux-uec-amd64-12.1_2.6.35-22_1.img
Now a glance index should show a legitimate image.
glance --os_username=adminUser --os_password=secretword --os_tenant=openstackDemo --os_auth_url=http://127.0.0.1:5000/v2.0 index
ID                                   Name                           Disk Format          Container Format               Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
21b421e5-44d4-4903-9db0-4f134fdd0793 tty-linux                      ami                  ami                        25165824
7d9f0378-1640-4e43-8959-701f248d999d tty-linux-ramdisk              ari                  ari                           96629
599907ff-296d-4042-a671-d015e34317d2 tty-linux-kernel               aki                  aki                         4404752
This example shows inputting --os_username, --os_password, --os_tenant, --os_auth_url on the command line for reference. You could also use the OS_* environment variables by setting them in an openrc file:
export OS_USERNAME=adminUser
export OS_TENANT_NAME=openstackDemo
export OS_PASSWORD=secretword
export OS_AUTH_URL=http://192.168.206.130:5000/v2.0/
export OS_REGION_NAME=RegionOne
四: Configuring the SQL Database (MySQL) on the Cloud Controller
mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
mysql> quit
Install the required nova- packages; dependencies are installed automatically.
sudo apt-get install nova-compute nova-volume nova-vncproxy nova-api nova-ajax-console-proxy nova-doc nova-scheduler nova-network
Configuring OpenStack Compute
The packages automatically do these steps for a user named nova, but if you are installing as another user, ensure that the nova.conf file has its owner set to root:nova and its mode set to 0640, since the file contains your MySQL server's username and password. The packaged install ensures that the nova user belongs to the nova group and that the .conf file permissions are set, but here are the manual commands.
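As an added example (not part of the original guide), this POSIX shell check reports whether a credential-bearing file such as /etc/nova/nova.conf has the owner, group and mode described above. The function names are hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a config file edited in
# this guide for stored credentials and for owner/group/mode.
# Function names are hypothetical; assumes GNU stat (as on Ubuntu).

# has_secret FILE: succeeds if FILE holds a credential in a form used on this
# page: a sql_connection URL with user:pass@, an admin_password, or OS_PASSWORD.
has_secret() {
    grep -Eq 'sql_connection *= *[a-z]+://[^:/@]+:[^@]+@|admin_password *=|OS_PASSWORD=' "$1"
}

# check_conf FILE OWNER GROUP MAXMODE
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if absent.
check_conf() {
    file=$1 want_owner=$2 want_group=$3 max_mode=$4
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    has_secret "$file" || return 0   # no credential stored: nothing to enforce
    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$file")
    rc=0
    # Any permission bit outside MAXMODE (e.g. world-read under 640) is a finding.
    if [ $(( 0$1 & ~0$max_mode & 07777 )) -ne 0 ]; then
        echo "MODE $file is $1, want at most $max_mode"; rc=1
    fi
    [ "$2" = "$want_owner" ] || { echo "OWNER $file is $2, want $want_owner"; rc=1; }
    [ "$3" = "$want_group" ] || { echo "GROUP $file is $3, want $want_group"; rc=1; }
    return $rc
}

# Direct use: sh check_conf.sh /etc/nova/nova.conf root nova 640
if [ $# -eq 4 ]; then check_conf "$@"; fi
```

The `chown -R nova:nova /etc/nova` step later in this guide changes the owner to nova, so a check against root:nova run after it reports an OWNER finding. The same function applies to the glance files that hold sql_connection or admin_password values and to the openrc file that exports OS_PASSWORD.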
config /etc/nova/nova.conf
--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--allow_admin_api=true
--use_deprecated_auth=false
--auth_strategy=keystone
--scheduler_driver=nova.scheduler.simple.SimpleScheduler
--s3_host=172.17.142.17
--ec2_host=172.17.142.17
--rabbit_host=172.17.142.17
--cc_host=172.17.142.17
--nova_url=http://172.17.142.17:8774/v2/
--routing_source_ip=172.17.142.17
--glance_api_servers=172.17.142.17:9292
--image_service=nova.image.glance.GlanceImageService
--iscsi_ip_prefix=192.168.22
--sql_connection=mysql://nova:password@172.17.142.17/nova
--ec2_url=http://172.17.142.17:8773/services/Cloud
--keystone_ec2_url=http://172.17.142.17:5000/v2.0/ec2tokens
--api_paste_config=/etc/nova/api-paste.ini
--libvirt_type=kvm
#--libvirt_type=qemu
--libvirt_use_virtio_for_bridges=true
--start_guests_on_host_boot=true
--resume_guests_state_on_host_boot=true
--vnc_enabled=true
--vncproxy_url=http://172.17.142.17:6080
--vnc_console_proxy_url=http://172.17.142.17:6080
# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=eth0
--flat_interface=eth1
--flat_network_bridge=br100
--fixed_range=192.168.22.32/27
--floating_range=172.17.142.32/27
--network_size=32
--flat_network_dhcp_start=192.168.22.33
--flat_injected=False
--force_dhcp_release
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
#--verbose
--verbose=False
--volume_group=nova-volumes
config /etc/nova/api-paste.ini
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
change to
admin_tenant_name = openstackDemo
admin_user = adminUser
admin_password = secretword
restart nova
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" stop; done
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" start; done
nova-manage db sync
nova-manage network create private --fixed_range_v4=192.168.100.0/24 --num_networks=1 --bridge=br100 --bridge_interface=eth1 --network_size=32
nova-manage floating create --ip_range=172.17.142.32/24
chown -R nova:nova /etc/nova
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" stop; done
for a in libvirt-bin nova-network nova-compute nova-api nova-objectstore nova-scheduler nova-volume nova-vncproxy; do service "$a" start; done
nova-manage service list
五:install and config Dashboard
1:install dashboard
apt-get install libapache2-mod-wsgi openstack-dashboard
2:config /etc/apache2/conf.d/openstack-dashboard.conf
# cat /etc/apache2/conf.d/openstack-dashboard.conf
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10
Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static
Order allow,deny
Allow from all
3:config /etc/openstack-dashboard/local_settings.py
Change CACHE_BACKEND to the following:
#CACHE_BACKEND = 'locmem://'
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
restart apache2
service apache2 restart
Why is the interface IP 172.17.142.16, and the nova.conf IP 172.17.142.17? Is it a mistake?
Sorry, you can write your IP.