OpenStack Icehouse Private Cloud: Hands-On Deployment
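Preface
You are surely familiar with the term "cloud host": by choosing the required host configuration on a web page, you can quickly provision a virtual host of your own and log in to it, which saves a great deal of physical resources.
But how does this process actually work?
This article walks through a hands-on deployment of an OpenStack Icehouse private cloud.
OpenStack
Introduction
OpenStack is an open-source project launched jointly by the hosting provider Rackspace and NASA. Its goal is to provide a solution for all types of clouds that is easy to implement, massively scalable and feature-rich, so that any company or individual can build their own cloud computing environment (IaaS), breaking the monopoly of Amazon and a few other companies.
Architecture
Workflow
OpenStack Deployment
Lab environment
Lab topology
#Time is synchronized on all nodes
#The NetworkManager service is disabled on all nodes
#Firewall rules have been flushed and saved on all nodes
#All nodes resolve each other's host names through /etc/hosts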
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.123 controller
192.168.10.124 compute
192.168.10.125 network
192.168.10.126 block
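#The interface that the Network Node uses for the external network must not be assigned an IP address; a configuration like the following is recommended
#INTERFACE_NAME is the actual network interface name, for example eth1: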
DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
Routing configuration
The Block Storage Node also acts as the router, so configure routing first
[root@bolck ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@bolck ~]# sysctl -p
[root@bolck ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 172.16.10.126
[root@bolck ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Installing and configuring Keystone
Installing Keystone
Install the OpenStack yum repository
[root@controller ~]# wget http://rdo.fedorapeople.org/openstack-icehouse/rdo-release-icehouse.rpm
[root@controller ~]# rpm -ivh rdo-release-icehouse.rpm
Install and initialize the MySQL server
[root@controller ~]# yum install mariadb-galera-server -y
[root@controller ~]# vim /etc/f
[mysqld]
...
datadir=/mydata/data
default-storage-engine = innodb
innodb_file_per_table = ON
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
skip_name_resolve = ON
[root@controller ~]# mkdir /mydata/data -p
[root@controller ~]# chown -R mysql.mysql /mydata/
[root@controller ~]# mysql_install_db --datadir=/mydata/data/ --user=mysql
[root@controller ~]# service mysqld start
Starting mysqld: [ OK ]
[root@controller ~]# chkconfig mysqld on
[root@controller ~]# mysql_secure_installation
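Install and configure the Identity service
[root@controller ~]# yum install openstack-utils openstack-keystone python-keystoneclient -y
#Create the keystone database; by default this also creates a keystone user with access to the database of the same name, and its password can be set with --pass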
[root@controller ~]# openstack-db --init --service keystone --pass keystone
Please enter the password for the 'root' MySQL user:
Verified connectivity to MySQL.
Creating 'keystone' database.
Initializing the keystone database, please wait...
Complete!
Edit the main keystone configuration file so that it uses MySQL as its data store
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf \
> database connection mysql://keystone:keystone@controller/keystone
Configure the token
[root@controller ~]# export ADMIN_TOKEN=$(openssl rand -hex 10)
[root@controller ~]# export OS_SERVICE_TOKEN=$ADMIN_TOKEN
[root@controller ~]# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
[root@controller ~]# echo $ADMIN_TOKEN > ~/openstack_admin_token
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
Set up the certificate service used by OpenStack
[root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# chown -R keystone.keystone /etc/keystone/ssl
[root@controller ~]# chmod -R o-rwx /etc/keystone/ssl
Start the service
[root@controller ~]# service openstack-keystone start
Starting keystone: [ OK ]
[root@controller ~]# chkconfig openstack-keystone on
[root@controller ~]# ss -tnlp | grep keystone-all
LISTEN 0 128 *:35357 *:* users:(("keystone-all",7063,4))
LISTEN 0 128 *:5000 *:* users:(("keystone-all",7063,6))
Create tenants, roles and users
#Create the admin user
[root@controller ~]# keystone user-create --name=admin --pass=admin --email=admin@
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | admin@ |
| enabled | True |
| id | 2338be9fb4d54028a9cbcc6cb0ebe160 |
| name | admin |
| username | admin |
+----------+----------------------------------+
#Create the admin role
[root@controller ~]# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 1459c49b0d4d4577ac87391408620f33 |
| name | admin |
+----------+----------------------------------+
#Create the admin tenant
[root@controller ~]# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 684ae003069d41d883f9cd0fcb252ae7 |
| name | admin |
+-------------+----------------------------------+
#Associate the user, role and tenant
[root@controller ~]# keystone user-role-add --user=admin --tenant=admin --role=admin
[root@controller ~]# keystone user-role-add --user=admin --role=_member_ --tenant=admin
#Create an ordinary user (optional)
[root@controller ~]# keystone user-create --name=demo --pass=demo --email=demo@
[root@controller ~]# keystone tenant-create --name=demo --description="Demo Tenant"
[root@controller ~]# keystone user-role-add --user=demo --role=_member_ --tenant=demo
#Create a service tenant for later use
[root@controller ~]# keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 7157abf7a84a4d74bc686d18de5e78f1 |
| name | service |
+-------------+----------------------------------+
Register Keystone as an API endpoint
[root@controller ~]# keystone service-create --name=keystone --type=identity \
> --description="OpenStack Identity"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 41fe62ccdad1485d9671c62f3d0b3727 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
#Add an endpoint for the service created above
[root@controller ~]# keystone endpoint-create \
> --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
> --publicurl=http://controller:5000/v2.0 \
> --internalurl=http://controller:5000/v2.0 \
> --adminurl=http://controller:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://controller:35357/v2.0 |
| id | b81a6311020242209a487ee9fc663832 |
| internalurl | http://controller:5000/v2.0 |
| publicurl | http://controller:5000/v2.0 |
| region | regionOne |
| service_id | 41fe62ccdad1485d9671c62f3d0b3727 |
+-------------+----------------------------------+
Enable username-based authentication
[root@controller ~]# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
[root@controller ~]# vim ~/admin-openrc.sh
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v2.0/
[root@controller ~]# . admin-openrc.sh
#Verify that the new authentication mechanism works
[root@controller ~]# keystone user-list
+----------------------------------+-------+---------+-------------------+
| id | name | enabled | email |
+----------------------------------+-------+---------+-------------------+
| 2338be9fb4d54028a9cbcc6cb0ebe160 | admin | True | admin@ |
| d412986b02c940caa7bee28d91fdd7e5 | demo | True | demo@ |
+----------------------------------+-------+---------+-------------------+
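The token step and the admin-openrc.sh step above both leave credentials in plain files in root's home directory. The following audit is an added example, not part of the original walkthrough; the function names and finding labels are hypothetical, and the sample files are constructed in a temporary directory rather than read from a real controller.

```shell
#!/bin/sh
# Added example: audit credential files of the kind this walkthrough writes.

# Succeeds when FILE grants no permission bits to group or other.
mode_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints the value assigned by the last "export VAR=value" line in FILE.
openrc_value() {
    sed -n "s/^export $2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Succeeds when OS_PASSWORD is empty or identical to OS_USERNAME.
openrc_password_is_weak() {
    user=$(openrc_value "$1" OS_USERNAME)
    pass=$(openrc_value "$1" OS_PASSWORD)
    [ -z "$pass" ] || [ "$pass" = "$user" ]
}

# Prints one finding per line for FILE; prints nothing when FILE passes.
audit_secret_file() {
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 0; fi
    if ! mode_is_private "$1"; then echo "GROUP_OR_OTHER_ACCESS $1"; fi
    if grep -q '^export OS_PASSWORD=' "$1" && openrc_password_is_weak "$1"; then
        echo "WEAK_PASSWORD $1"
    fi
    return 0
}

# Constructed sample: the same two files, written under a umask of 022
# (mode 644) as a plain redirect would write them, then hardened.
demo() {
    dir=$(mktemp -d) || return 1
    ( umask 022
      echo "0123456789abcdef0123" > "$dir/openstack_admin_token"
      printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=admin\n' > "$dir/admin-openrc.sh" )
    audit_secret_file "$dir/openstack_admin_token"
    audit_secret_file "$dir/admin-openrc.sh"
    chmod 600 "$dir/openstack_admin_token" "$dir/admin-openrc.sh"
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=%s\n' \
        "constructed-long-random-value" > "$dir/admin-openrc.sh"
    audit_secret_file "$dir/openstack_admin_token"
    audit_secret_file "$dir/admin-openrc.sh"
    rm -rf "$dir"
}

demo
```

On a real controller, call audit_secret_file on ~/openstack_admin_token and ~/admin-openrc.sh; running `umask 077` before creating such files gives them mode 600 from the start.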
OpenStack Image service
Install and configure the Glance service
Install the required packages
[root@controller ~]# yum install openstack-glance python-glanceclient -y
Initialize the glance database
[root@controller ~]# openstack-db --init --service glance --password glance
Please enter the password for the 'root' MySQL user:
Verified connectivity to MySQL.
Creating 'glance' database.
Initializing the glance database, please wait...
Complete!
#If this step reports an error, the following resolves it
#yum install python-pip python-devel gcc -y
#pip install pycrypto-on-pypi
#Then run the initialization again
Configure glance-api and glance-registry to connect to the database
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf database \
> connection mysql://glance:glance@controller/glance
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf database \
> connection mysql://glance:glance@controller/glance
Create the glance administrative user
[root@controller ~]# keystone user-create --name=glance --pass=glance --email=glance@
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | glance@ |
| enabled | True |
| id | 1ddd3b0f46c5478fb916c7559c5570d1 |
| name | glance