版本icehouse,操作系统redhat6.5
最简化安装,不要cinder和swift
三个节点
172 control节点keystone glance horizon
173 compute节点nova
173 network节点neutron
control /etc/sysctl.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-arptables = 1 /etc/security/limits.conf * soft nproc 65535 * hard nproc 65535 * soft nofile 65535 * hard nofile 65535 * soft core ulimit * hard core ulimit 删除libvirt自带的bridge,准备使用openvswitch mv /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/default.xml.bak modprobe -r bridge qemu-img create -f qcow2 control_add.img 40G <disk type='file' device='disk'> <driver name='qemu' type='qcow2' cache='none'/> <source file='/opt1/control_add.img'/> <target dev='vdb' bus='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </disk> vgcreate vgstorage /dev/vdb /etc/sysconfig/iptables -I INPUT -p tcp --dport 80 -j ACCEPT -I INPUT -p tcp --dport 3306 -j ACCEPT -I INPUT -p tcp --dport 5000 -j ACCEPT -I INPUT -p tcp --dport 5672 -j ACCEPT -I INPUT -p tcp --dport 8080 -j ACCEPT -I INPUT -p tcp --dport 8773 -j ACCEPT -I INPUT -p tcp --dport 8774 -j ACCEPT -I INPUT -p tcp --dport 8775 -j ACCEPT -I INPUT -p tcp --dport 8776 -j ACCEPT -I INPUT -p tcp --dport 8777 -j ACCEPT -I INPUT -p tcp --dport 9292 -j ACCEPT -I INPUT -p tcp --dport 9696 -j ACCEPT -I INPUT -p tcp --dport 15672 -j ACCEPT -I INPUT -p tcp --dport 55672 -j ACCEPT -I INPUT -p tcp --dport 35357 -j ACCEPT -I INPUT -p tcp --dport 12211 -j ACCEPT /etc/init.d/iptables restart yum install rabbitmq-server cat /etc/hosts 127.0.0.1 control localhost.localdomain localhost4 localhost4.localdomain4 /etc/rabbitmq/enabled_plugins [rabbitmq_management]. service rabbitmq-server start chkconfig rabbitmq-server on http://192.168.137.162:15672/ rabbitmqctl list_users (1) 新增一个用户 rabbitmqctl add_user Username Password (2) 删除一个用户 rabbitmqctl delete_user Username (3) 修改用户的密码 rabbitmqctl change_password Username Newpassword (4) 查看当前用户列表 rabbitmqctl list_users yum install mysql-server vim /etc/my.cnf default-character-set=utf8 default-storage-engine=InnoDB /etc/init.d/mysqld start chkconfig mysqld on /usr/bin/mysqladmin -u root password 'openstack' yum install -y openstack-keystone openstack-utils export SERVICE_TOKEN=$(openssl rand -hex 10) echo $SERVICE_TOKEN >/root/ks_admin_token 这里要一气呵成,多次使用就出错了,指定了默认的admin_token呀 openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN openstack-config --set /etc/keystone/keystone.conf token provider keystone.token.providers.uuid.Provider; openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:[email protected]/keystone; openstack-db --init --service keystone --password keystone --rootpw openstack; chown -R keystone:keystone /etc/keystone /etc/init.d/openstack-keystone start chkconfig openstack-keystone on ★★★★★★★★★★★★★★★★★★ export SERVICE_TOKEN=`cat /root/ks_admin_token` export SERVICE_ENDPOINT=http://192.168.137.172:35357/v2.0 keystone service-create --name=keystone --type=identity --description="Keystone Identity Service haoning" keystone endpoint-create --service keystone --publicurl 'http://192.168.137.172:5000/v2.0' --adminurl 'http://192.168.137.172:35357/v2.0' --internalurl 'http://192.168.137.172:5000/v2.0' --region wuhan keystone user-create --name admin --pass openstack keystone role-create --name admin keystone tenant-create --name admin keystone user-role-add --user admin --role admin --tenant admin vim /root/keystone_admin export OS_USERNAME=admin export OS_TENANT_NAME=admin export OS_PASSWORD=openstack export OS_AUTH_URL=http://192.168.137.172:35357/v2.0/ export PS1='[\u@\h \W(keystone_admin)]\$' export SERVICE_TOKEN=`cat /root/ks_admin_token` export SERVICE_ENDPOINT=http://192.168.137.172:35357/v2.0 keystone user-list keystone role-list keystone role-create --name Member keystone user-create --name usera --pass openstack keystone tenant-create --name tenanta keystone user-role-add --user usera --role Member --tenant tenanta keystone user-create --name userb --pass openstack keystone tenant-create --name tenantb keystone user-role-add --user userb --role Member --tenant tenantb yum install -y openstack-glance openstack-utils python-kombu python-anyjson keystone service-create --name glance --type image --description "Glance Image Service haoning" keystone endpoint-create --service glance --publicurl "http://192.168.137.172:9292" --adminurl "http://192.168.137.172:9292" --internalurl "http://192.168.137.172:9292" --region wuhan openstack-config --set /etc/glance/glance-api.conf DEFAULT sql_connection mysql://glance:[email protected]/glance openstack-config --set /etc/glance/glance-registry.conf DEFAULT sql_connection mysql://glance:[email protected]/glance openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 192.168.137.172 openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357 openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name admin openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user admin openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password openstack openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 192.168.137.172 openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357 openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name admin openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user admin openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password openstack openstack-config --set /etc/glance/glance-api.conf DEFAULT notifier_strategy noop; openstack-db --init --service glance --password glance --rootpw openstack; chown -R glance:glance /etc/glance chown -R glance:glance /var/lib/glance chown -R glance:glance /var/log/glance chkconfig openstack-glance-api on chkconfig openstack-glance-registry on service openstack-glance-api start service openstack-glance-registry start source /root/keystone_admin glance image-list glance image-create --name "redhat6.5" --disk-format qcow2 --container-format bare --is-public true --file net.img /var/lib/glance/images --------------------------- horizon: yum install -y mod_wsgi httpd mod_ssl memcached python-memcached openstack-dashboard /etc/openstack-dashboard/local_settings 打开下面几行的注释(这里不能人空格,python的语法要求) CACHES = { 'default': { 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION' : '127.0.0.1:11211', } } 修改如下几行 ALLOWED_HOSTS = ['*'] OPENSTACK_HOST = "192.168.137.21" chown -R apache:apache /etc/openstack-dashboard/ /var/lib/openstack-dashboard/; chkconfig httpd on chkconfig memcached on service httpd start service memcached start ----------------------- 网络节点Network安装 防火墙配置(本步略过,因为网络和管理都在虚机A上) 编辑 /etc/sysconfig/iptables 文件,将filter 中添加防火墙规则全部删掉. 重新启动防火墙 /etc/init.d/iptables restart yum install openvswitch chkconfig openvswitch on service openvswitch start [root@net ~]# service openvswitch start /etc/openvswitch/conf.db does not exist ... (warning). Creating empty database /etc/openvswitch/conf.db [ OK ] Starting ovsdb-server [ OK ] Configuring Open vSwitch system IDs [ OK ] Inserting openvswitch module [ OK ] Starting ovs-vswitchd [ OK ] Enabling remote OVSDB managers [ OK ] [root@net ~]# ifconfig ip link show yum install iproute dnsmasq dnsmasq-utils 切换回control节点 mysql -u root -popenstack CREATE DATABASE neutron; GRANT ALL ON neutron.* TO neutron @'%' IDENTIFIED BY 'neutron'; GRANT ALL ON neutron.* TO neutron @'localhost' IDENTIFIED BY 'neutron'; FLUSH PRIVILEGES; CREATE DATABASE nova; GRANT ALL ON nova.* TO nova @'%' IDENTIFIED BY 'nova'; GRANT ALL ON nova.* TO nova @'localhost' IDENTIFIED BY 'nova'; FLUSH PRIVILEGES; keystone service-create --name neutron --type network --description "Neutron Networking Service haoning" keystone endpoint-create --service neutron --publicurl "http://192.168.137.174:9696" --adminurl "http://192.168.137.174:9696" --internalurl "http://192.168.137.174:9696" --region wuhan 切换回网络节点: yum install openstack-neutron python-kombu python-amqplib python-pyudev python-stevedore openstack-utils openstack-neutron-openvswitch openvswitch openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host 192.168.137.172 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name admin openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user admin openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password openstack openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_kombu openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host 192.168.137.172 openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2 openstack-config --set /etc/neutron/neutron.conf DEFAULT control_exchange neutron openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:[email protected]/neutron openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True 修改完检查[default]可能多一个 chkconfig neutron-server on ovs-vsctl add-br br-int ln -s /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini /etc/neutron/plugin.ini -f openstack-config --set /etc/neutron/plugin.ini OVS tenant_network_type gre openstack-config --set /etc/neutron/plugin.ini OVS tunnel_id_ranges 1:1000 openstack-config --set /etc/neutron/plugin.ini OVS enable_tunneling True openstack-config --set /etc/neutron/plugin.ini OVS local_ip 192.168.137.174 openstack-config --set /etc/neutron/plugin.ini OVS integration_bridge br-int openstack-config --set /etc/neutron/plugin.ini OVS tunnel_bridge br-tun openstack-config --set /etc/neutron/plugin.ini SECURITYGROUP firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver chkconfig neutron-openvswitch-agent on /etc/neutron/dhcp_agent.ini openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT use_namespaces True chkconfig neutron-dhcp-agent on 配置neutron L3 agent ovs-vsctl add-br br-ex ovs-vsctl add-port br-ex eth2 ip addr add 192.168.100.231/24 dev br-ex ip link set br-ex up echo "ip addr add 192.168.100.231/24 dev br-ex" >> /etc/rc.local /etc/neutron/l3_agent.ini openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver openstack-config --set /etc/neutron/l3_agent.ini DEFAULT user_namespaces True openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-ex openstack-config --set /etc/neutron/l3_agent.ini DEFAULT enable_metadata_proxy True; 检查default chkconfig neutron-l3-agent on /etc/neutron/metadata_agent.ini 先把auth_region 这一行注释掉 没装swift就不用注释这个 然后安装下面的命令修改其他选项 #openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region swift openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://192.168.137.172:35357/v2.0 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_tenant_name admin openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_user admin openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_password openstack openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 192.168.137.173 openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret awcloud chkconfig neutron-metadata-agent on neutron-db-manage --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head chown -R neutron:neutron /etc/neutron chkconfig --list|grep neutron|grep 3:on service neutron-openvswitch-agent restart service neutron-l3-agent restart service neutron-dhcp-agent restart service neutron-metadata-agent restart service neutron-server restart neutron agent-list neutron net-list 计算节点------------192.168.137.173 /etc/sysconfig/iptables 清空 openvswitch yum update -y iproute dnsmasq dnsmasq-utils yum install openstack-nova openstack-utils python-kombu python-amqplib openstack-neutron-openvswitch dnsmasq-utils python-stevedore keystone service-create --name compute --type compute --description "OpenStack Compute Service haoning" keystone endpoint-create --service compute --publicurl "http://192.168.137.173:8774/v2/%(tenant_id)s" --adminurl "http://192.168.137.173:8774/v2/%(tenant_id)s" --internalurl "http://192.168.137.173:8774/v2/%(tenant_id)s" --region wuhan openstack-config --set /etc/nova/nova.conf database connection mysql://nova:[email protected]/nova; openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host 192.168.137.172; openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.137.173; openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0; openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.137.173; openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://192.168.137.173:6080/vnc_auto.html; openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone; openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend nova.openstack.common.rpc.impl_kombu; openstack-config --set /etc/nova/nova.conf DEFAULT glance_host 192.168.137.172; openstack-config --set /etc/nova/nova.conf DEFAULT api_paste_config /etc/nova/api-paste.ini; openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host 192.168.137.172; openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 5000; openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http; openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_version v2.0; openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user admin; openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name admin; openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password openstack; openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis ec2,osapi_compute,metadata; openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver; openstack-config --set /etc/nova/nova.conf DEFAULT network_manager nova.network.neutron.manager.NeutronManager; openstack-config --set /etc/nova/nova.conf DEFAULT service_neutron_metadata_proxy True; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_metadata_proxy_shared_secret awcloud; openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_use_dhcp True; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://192.168.137.174:9696; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username admin; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password openstack; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name admin; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_region_name beijing; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://192.168.137.172:5000/v2.0; openstack-config --set /etc/nova/nova.conf DEFAULT neutron_auth_strategy keystone; openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron; openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver; openstack-config --set /etc/nova/nova.conf libvirt vif_driver nova.virt.libvirt.vif.LibvirtGenericVIFDriver; /etc/nova/nova.conf 如果机器cpu不支持全虚拟化,需要修改 /etc/nova/nova.conf virt_type=kvm ===》 virt_type=qemu chkconfig openstack-nova-consoleauth on chkconfig openstack-nova-api on chkconfig openstack-nova-scheduler on chkconfig openstack-nova-conductor on chkconfig openstack-nova-compute on chkconfig openstack-nova-novncproxy on [root@compute ~]# chkconfig openvswitch on [root@compute ~]# service openvswitch start scp -r [email protected]:/etc/neutron /etc 修改 vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini local_ip = 192.168.137.173 首先确保 在173上能mysql -unova -h192.168.137.172 -pnova 访问172的数据库 nova-manage db sync chown -R neutron:neutron /etc/neutron/* chkconfig neutron-openvswitch-agent on service neutron-openvswitch-agent start service neutron-openvswitch-agent restart service openstack-nova-conductor restart service openstack-nova-api restart service openstack-nova-scheduler restart service openstack-nova-compute restart service openstack-nova-consoleauth restart service openstack-nova-novncproxy restart http://192.168.137.172/dashboard admin openstack