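OpenStack Essex has been out for almost a month, and I have been trying to install it on and off during that time.
But I always had more important things to do, and the documentation on the OpenStack site has stayed in "Draft" status;
following its instructions did not give me a working install, and there was not much documentation elsewhere on the web, so I set it aside.
In the last few days I finally found write-ups from people who got it installed, and Ubuntu 12.04 LTS has been officially released, so I tried again.
This install was done at home, so I used Wubi to install 12.04 LTS.
The official site also requires 12.04 and other versions have not been tested, so remember to use 12.04 LTS if you want to install it.
Installing in a virtual machine also works.
The installation below does not include Swift / Nova-Volume, and I have only one network card, so everything is configured on eth0.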
References:
http://hi.baidu.com/chenshake/blog/item/4551cc5812a1b39e810a1876.html
http://docs.openstack.org/trunk/openstack-compute/install/content/ch_installing-openstack-overview.html
Basic Module Installation
pjack@ubuntu:~$ sudo apt-get install -y ntp
pjack@ubuntu:~$ sudo sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
pjack@ubuntu:~$ sudo service ntp restart
 * Stopping NTP server ntpd                                      [ OK ]
 * Starting NTP server ntpd                                      [ OK ]

# If you want to use MySQL instead of sqlite, install these
pjack@ubuntu:~$ sudo apt-get install -y mysql-server python-mysqldb
pjack@ubuntu:~$ sudo sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
pjack@ubuntu:~$ sudo service mysql restart

# A tool for browsing MySQL through a web site; optional. During installation you are asked to choose apache or lighttpd.
# I once chose lighttpd but kept running into configuration problems, so I gave up on it
pjack@ubuntu:~$ sudo apt-get install -y phpmyadmin
Keystone Installation
pjack@ubuntu:~$ sudo apt-get install -y keystone
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  dbconfig-common libjs-sphinxdoc libjs-underscore python-decorator python-eventlet python-formencode python-greenlet
  python-iso8601 python-keystone python-keystoneclient python-lxml python-migrate python-openid python-passlib
  python-paste python-pastedeploy python-pastescript python-prettytable python-routes python-scgi python-setuptools
  python-sqlalchemy python-sqlalchemy-ext python-tempita python-webob
Suggested packages:
  virtual-mysql-client mysql-client postgresql-client javascript-common python-dns python-greenlet-doc
  python-greenlet-dev python-greenlet-dbg python-memcached python-lxml-dbg python-pastewebkit libapache2-mod-wsgi
  libapache2-mod-python libapache2-mod-scgi python-pgsql libjs-mochikit python-flup python-cherrypy python-cheetah
  python-sqlalchemy-doc python-psycopg2 python-mysqldb python-kinterbasdb python-pymssql

pjack@ubuntu:~$ sudo dpkg -l | grep keystone
ii  keystone               2012.1-0ubuntu1  OpenStack identity service - Daemons
ii  python-keystone        2012.1-0ubuntu1  OpenStack identity service - Python library
ii  python-keystoneclient  2012.1-0ubuntu1  Client libary for Openstack Keystone API

pjack@ubuntu:~$ sudo rm /var/lib/keystone/keystone.db
pjack@ubuntu:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 45
Server version: 5.5.22-0ubuntu1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE keystone;
Query OK, 1 row affected (0.01 sec)

# You can change this to your own password; here I use "password" for every password
mysql> GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

# If access may come through 127.0.0.1, this line is needed as well; normally it is not
mysql> GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
Next, configure Keystone; the main file to edit is /etc/keystone/keystone.conf
1. Change sqlite to mysql
2. Set admin_token; I used the default value "ADMIN"
pjack@ubuntu:~$ sudo less /etc/keystone/keystone.conf | grep mysql -B 2
[sql]
# connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:password@192.168.1.3/keystone

pjack@ubuntu:~$ sudo service keystone restart
keystone stop/waiting
keystone start/running, process 10962
pjack@ubuntu:~$ sudo keystone-manage db_sync
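If you look through phpMyAdmin, you will see that the tables in the keystone database have been created.
Next, insert some basic Tenant/User/Role data so that Keystone can be integrated with nova/glance later: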
1. Create Tenants
2. Create Users
3. Create Roles
4. Add roles to Users in Tenants
The approach below is based on
http://www.hastexo.com/system/files/user/4/keystone_data.sh_.txt
https://github.com/openstack/keystone/blob/master/tools/sample_data.sh
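You can also download and run these directly, but the names below differ somewhat from the originals, so watch out for that.
Also, the roles must include admin and Member, otherwise things break; I am not sure how to fix it when they are missing.
So far I have only seen admin used in glance and Member used in horizon.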
#
# Tenant               User      Roles
# ------------------------------------------------------------------
# admin                adminUser admin
# service              nova      admin
# service              glance    admin
# service              swift     admin        # if enabled
# service              quantum   admin        # if enabled
# demo                 adminUser admin
# demo                 demoUser  Member, anotherrole
# invisible            demoUser  Member

# Set the token & endpoint variables first; it makes running the commands easier
pjack@ubuntu:~$ export SERVICE_TOKEN="ADMIN"
pjack@ubuntu:~$ export SERVICE_ENDPOINT="http://localhost:35357/v2.0"

# Set the passwords; variables are used in their place from here on
pjack@ubuntu:~$ ADMIN_PASSWORD=password
pjack@ubuntu:~$ SERVICE_PASSWORD=password

# ============== Step1: Create Tenant ===============
pjack@ubuntu:~$ keystone tenant-create --name=admin
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | None                             |
| enabled     | True                             |
| id          | 6cce38f92eb84949a0610b79e2087e1b |
| name        | admin                            |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone tenant-create --name=service
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | None                             |
| enabled     | True                             |
| id          | 1809a3a2da0c4424ac4483740c0f1538 |
| name        | service                          |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone tenant-create --name=demo
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | None                             |
| enabled     | True                             |
| id          | 3f1f6053241c4a3ebae764cfaf39e582 |
| name        | demo                             |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone tenant-create --name=invisible
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | None                             |
| enabled     | True                             |
| id          | a687253b879140ab8c54809e600f7f2c |
| name        | invisible                        |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone tenant-list
+----------------------------------+-----------+---------+
| id                               | name      | enabled |
+----------------------------------+-----------+---------+
| 1809a3a2da0c4424ac4483740c0f1538 | service   | True    |
| 3f1f6053241c4a3ebae764cfaf39e582 | demo      | True    |
| 6cce38f92eb84949a0610b79e2087e1b | admin     | True    |
| a687253b879140ab8c54809e600f7f2c | invisible | True    |
+----------------------------------+-----------+---------+

# Based on the results above, store the ids in variables
pjack@ubuntu:~$ ADMIN_TENANT=6cce38f92eb84949a0610b79e2087e1b
pjack@ubuntu:~$ SERVICE_TENANT=1809a3a2da0c4424ac4483740c0f1538
pjack@ubuntu:~$ DEMO_TENANT=3f1f6053241c4a3ebae764cfaf39e582
pjack@ubuntu:~$ INVIS_TENANT=a687253b879140ab8c54809e600f7f2c

# ============== Step2: Create Users ===============
pjack@ubuntu:~$ keystone user-create --name=adminUser --pass=$ADMIN_PASSWORD
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 59bedb17dae640d6ade54d642ab05fc6                                                                                        |
| name     | adminUser                                                                                                               |
| password | $6$rounds=40000$bhVX5VRMgEv4ImJ6$u2icdPQSZoYcRxuYL9aU4kki1.wHxH1owdiAhJAu/CjowE2CIWFHgRfZUtJariRfso6YqiQTp6h8a0SfsvfRL/ |
| tenantId | None                                                                                                                    |
+----------+-------------------------------------------------------------------------------------------------------------------------+
pjack@ubuntu:~$ keystone user-create --name=demoUser --pass=$ADMIN_PASSWORD
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 8a53987e9bfc4864ac48eec6dab0d2b1                                                                                        |
| name     | demoUser                                                                                                                |
| password | $6$rounds=40000$.3Y3O2wrRkn/3OQ6$brYYXLdimJBkUGwr.rErRGKb7r/HzRvpyDf2rc7.7gd5Ra/2cMoivNzpxP/aWRg06olXVwAsHYqO4sdwCO3Cb1 |
| tenantId | None                                                                                                                    |
+----------+-------------------------------------------------------------------------------------------------------------------------+
pjack@ubuntu:~$ keystone user-create --name=nova --pass=$SERVICE_PASSWORD
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 430cee61b5024cadb466b379ac1b3033                                                                                        |
| name     | nova                                                                                                                    |
| password | $6$rounds=40000$y4GfVSPp9ufU75ol$M9SpZ8W3p2yably9F6J5Tb8bTjkcA3/EjllLt6Qd6wPKfoiRzcm7gJRx2cACRWba2JuHqoK0UG5Z/iFQ6Juat0 |
| tenantId | None                                                                                                                    |
+----------+-------------------------------------------------------------------------------------------------------------------------+
pjack@ubuntu:~$ keystone user-create --name=glance --pass=$SERVICE_PASSWORD
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | ed5115a7d12941cd93b418eaaa223d9b                                                                                        |
| name     | glance                                                                                                                  |
| password | $6$rounds=40000$OJhfWl5mqK6ExLOP$.RFHSRqKWYov46DkJeTb1mSgrrmgplaZPoQHTrVtRsiiIXstqz6frvrZTazB/VTRbeWjGQ.JNcujgARDdG.mB0 |
| tenantId | None                                                                                                                    |
+----------+-------------------------------------------------------------------------------------------------------------------------+
pjack@ubuntu:~$ keystone user-create --name=swift --pass=$SERVICE_PASSWORD
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | de92678b41464ac3bae8b930f11dc447                                                                                        |
| name     | swift                                                                                                                   |
| password | $6$rounds=40000$YY65UP/OOOmOHiO1$FNiURrFEdcMKj6rFLIwCzMqg4KCMuS9jVyzJWVr1hOVN5aWAKb77Dd1L2ROsi.6kMtQ26fRkXsnOaJbANSCXU/ |
| tenantId | None                                                                                                                    |
+----------+-------------------------------------------------------------------------------------------------------------------------+
pjack@ubuntu:~$ keystone user-create --name=quantum --pass=$SERVICE_PASSWORD
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property | Value                                                                                                                   |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 2a87e2f2d23041059e5c140305ed96e8                                                                                        |
| name     | quantum                                                                                                                 |
| password | $6$rounds=40000$JTaznIibQz77CvTz$lKg4jVrwDltM0vAGgKTp8c7fa/uJAr3AmLiDCxtZl1qn83pSe5QXLguSBtd1JqxcPQ0kw1XTvXTTPyPpENp6g0 |
| tenantId | None                                                                                                                    |
+----------+-------------------------------------------------------------------------------------------------------------------------+
pjack@ubuntu:~$ keystone user-list
+----------------------------------+---------+-------+-----------+
| id                               | enabled | email | name      |
+----------------------------------+---------+-------+-----------+
| 2a87e2f2d23041059e5c140305ed96e8 | True    | None  | quantum   |
| 430cee61b5024cadb466b379ac1b3033 | True    | None  | nova      |
| 59bedb17dae640d6ade54d642ab05fc6 | True    | None  | adminUser |
| 8a53987e9bfc4864ac48eec6dab0d2b1 | True    | None  | demoUser  |
| de92678b41464ac3bae8b930f11dc447 | True    | None  | swift     |
| ed5115a7d12941cd93b418eaaa223d9b | True    | None  | glance    |
+----------------------------------+---------+-------+-----------+
pjack@ubuntu:~$ QUANTUM_USER=2a87e2f2d23041059e5c140305ed96e8
pjack@ubuntu:~$ NOVA_USER=430cee61b5024cadb466b379ac1b3033
pjack@ubuntu:~$ ADMIN_USER=59bedb17dae640d6ade54d642ab05fc6
pjack@ubuntu:~$ DEMO_USER=8a53987e9bfc4864ac48eec6dab0d2b1
pjack@ubuntu:~$ SWIFT_USER=de92678b41464ac3bae8b930f11dc447
pjack@ubuntu:~$ GLANCE_USER=ed5115a7d12941cd93b418eaaa223d9b

# ============== Step3: Create Roles ===============
pjack@ubuntu:~$ keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 21d8f7a9a8724af88b374341569c690e |
| name     | admin                            |
+----------+----------------------------------+
pjack@ubuntu:~$ keystone role-create --name=Member
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| id       | 7a156ec13e534fab8602f712c26a9486 |
| name     | Member                           |
+----------+----------------------------------+
pjack@ubuntu:~$ keystone role-list
+----------------------------------+--------+
| id                               | name   |
+----------------------------------+--------+
| 21d8f7a9a8724af88b374341569c690e | admin  |
| 7a156ec13e534fab8602f712c26a9486 | Member |
+----------------------------------+--------+
pjack@ubuntu:~$ ADMIN_ROLE=21d8f7a9a8724af88b374341569c690e
pjack@ubuntu:~$ MEMBER_ROLE=7a156ec13e534fab8602f712c26a9486

# ============== Step4: Link User/Role/Tenant ===============
pjack@ubuntu:~$ keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
pjack@ubuntu:~$ keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
pjack@ubuntu:~$ keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
pjack@ubuntu:~$ keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT
pjack@ubuntu:~$ keystone user-role-add --user $NOVA_USER --role $ADMIN_ROLE --tenant_id $SERVICE_TENANT
pjack@ubuntu:~$ keystone user-role-add --user $GLANCE_USER --role $ADMIN_ROLE --tenant_id $SERVICE_TENANT
pjack@ubuntu:~$ keystone user-role-add --user $SWIFT_USER --role $ADMIN_ROLE --tenant_id $SERVICE_TENANT
pjack@ubuntu:~$ keystone user-role-add --user $QUANTUM_USER --role $ADMIN_ROLE --tenant_id $SERVICE_TENANT
You can see that all eight links have been created.
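One way to capture the ids in variables instead of copying them out of each table by hand. This is an added example, not code from the original post or from the referenced scripts; `get_id`, `id_by_name` and `sample_keystone` are hypothetical helper names, and `sample_keystone` replays tables from this post so the block runs without a Keystone server.

```shell
#!/bin/sh
# Added example (not from the original post): read ids out of keystone CLI
# tables. get_id, id_by_name and sample_keystone are hypothetical names.

# get_id CMD...: run CMD and print the Value cell of the "id" row of the
# property table it prints. Fails if no id row is found.
get_id() {
    "$@" | awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        trim($2) == "id" { print trim($3); found = 1 }
        END { if (!found) exit 1 }'
}

# id_by_name NAME: read a *-list table on stdin and print the id of the row
# whose name column equals NAME. Column positions come from the header row,
# because tenant-list and user-list order their columns differently.
id_by_name() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\+/ { next }                      # border lines
        !seen_header {
            for (i = 2; i < NF; i++) {
                if (trim($i) == "id")   idcol = i
                if (trim($i) == "name") namecol = i
            }
            seen_header = 1
            next
        }
        idcol && namecol && trim($namecol) == want {
            print trim($idcol); found = 1
        }
        END { if (!found) exit 1 }'
}

# Stand-in for the keystone CLI so the example runs offline. The tables are
# the ones shown in this post, with the column whitespace re-aligned.
sample_keystone() {
    case "$1" in
    tenant-create) cat <<'EOF'
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | None                             |
| enabled     | True                             |
| id          | 6cce38f92eb84949a0610b79e2087e1b |
| name        | admin                            |
+-------------+----------------------------------+
EOF
        ;;
    tenant-list) cat <<'EOF'
+----------------------------------+-----------+---------+
| id                               | name      | enabled |
+----------------------------------+-----------+---------+
| 1809a3a2da0c4424ac4483740c0f1538 | service   | True    |
| 3f1f6053241c4a3ebae764cfaf39e582 | demo      | True    |
| 6cce38f92eb84949a0610b79e2087e1b | admin     | True    |
| a687253b879140ab8c54809e600f7f2c | invisible | True    |
+----------------------------------+-----------+---------+
EOF
        ;;
    user-list) cat <<'EOF'
+----------------------------------+---------+-------+-----------+
| id                               | enabled | email | name      |
+----------------------------------+---------+-------+-----------+
| 2a87e2f2d23041059e5c140305ed96e8 | True    | None  | quantum   |
| 430cee61b5024cadb466b379ac1b3033 | True    | None  | nova      |
| 59bedb17dae640d6ade54d642ab05fc6 | True    | None  | adminUser |
+----------------------------------+---------+-------+-----------+
EOF
        ;;
    *) return 1 ;;
    esac
}

# With a real server, replace sample_keystone with keystone, for instance:
#   ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
ADMIN_TENANT=$(get_id sample_keystone tenant-create --name=admin)
NOVA_USER=$(sample_keystone user-list | id_by_name nova)
echo "ADMIN_TENANT=$ADMIN_TENANT"
echo "NOVA_USER=$NOVA_USER"
```

Both helpers return a non-zero status when the id is not found, so a failed create or a misspelled name stops a script run with `set -e` instead of passing an empty id to `user-role-add`.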
Next, each module has to be linked to Keystone; there are two ways to do this.
The first is to use the SQL database:
[catalog]
driver = keystone.catalog.backends.sql.Catalog
The second is to use a template:
[catalog]
driver = keystone.catalog.backends.templated.TemplatedCatalog
template_file = /etc/keystone/default_catalog.templates
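At first you can use the second option, which saves a lot of configuration work, but for long-term use it is better to put the catalog in the database.
The steps below configure the first option; if you chose the second you can skip them, but remember to change the settings in /etc/keystone/keystone.conf.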
1. Create Service Type
2. Create Endpoint Data to connect Service
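My understanding of this design is that there can be several endpoints providing the same type of service; for example, if nova-api is installed on
two or more endpoints, then two Endpoints have to be set up. Please correct me if I am wrong.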
# ============== Step1: Create Service Type ===============
pjack@ubuntu:~$ keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Keystone Identity Service        |
| id          | e240fe8fd9004793b88562d2e7722624 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone service-create --name=nova --type=compute --description="Nova Compute Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Nova Compute Service             |
| id          | a7476e1b52144627a46b296c843ac10d |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone service-create --name=volume --type=volume --description="Nova Volume Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Nova Volume Service              |
| id          | 0c9515e1b65b4005b61213234c9688a0 |
| name        | volume                           |
| type        | volume                           |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Glance Image Service             |
| id          | 084cb8b867d94294968fb0ad7203f5d1 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone service-create --name=ec2 --type=ec2 --description="EC2 Compatibility Layer"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | EC2 Compatibility Layer          |
| id          | 6bd0e11b3f674f4ba14bc53230ea1823 |
| name        | ec2                              |
| type        | ec2                              |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone service-create --name=swift --type=storage --description="Object Storage Service"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Object Storage Service           |
| id          | e3e52d9bf5574430bb530f2ac8d733eb |
| name        | swift                            |
| type        | storage                          |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone service-list
+----------------------------------+----------+----------+---------------------------+
| id                               | name     | type     | description               |
+----------------------------------+----------+----------+---------------------------+
| 084cb8b867d94294968fb0ad7203f5d1 | glance   | image    | Glance Image Service      |
| 0c9515e1b65b4005b61213234c9688a0 | volume   | volume   | Nova Volume Service       |
| 6bd0e11b3f674f4ba14bc53230ea1823 | ec2      | ec2      | EC2 Compatibility Layer   |
| a7476e1b52144627a46b296c843ac10d | nova     | compute  | Nova Compute Service      |
| e240fe8fd9004793b88562d2e7722624 | keystone | identity | Keystone Identity Service |
| e3e52d9bf5574430bb530f2ac8d733eb | swift    | storage  | Object Storage Service    |
+----------------------------------+----------+----------+---------------------------+
pjack@ubuntu:~$ IMAGE_SERVICE=084cb8b867d94294968fb0ad7203f5d1
pjack@ubuntu:~$ VOLUME_SERVICE=0c9515e1b65b4005b61213234c9688a0
pjack@ubuntu:~$ EC2_SERVICE=6bd0e11b3f674f4ba14bc53230ea1823
pjack@ubuntu:~$ COMPUTE_SERVICE=a7476e1b52144627a46b296c843ac10d
pjack@ubuntu:~$ IDENTITY_SERVICE=e240fe8fd9004793b88562d2e7722624
pjack@ubuntu:~$ STORAGE_SERVICE=e3e52d9bf5574430bb530f2ac8d733eb
pjack@ubuntu:~$ MYIP=http://192.168.1.3

# ============== Step2: Create Endpoint information ===============
pjack@ubuntu:~$ keystone endpoint-create --region RegionOne \
    --service_id=$IDENTITY_SERVICE \
    --publicurl=$MYIP:35357/v2.0 \
    --internalurl=$MYIP:5000/v2.0 \
    --adminurl=$MYIP:5000/v2.0
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://192.168.1.3:5000/v2.0     |
| id          | 72da2f181f984772b0c4b1a19daa118a |
| internalurl | http://192.168.1.3:5000/v2.0     |
| publicurl   | http://192.168.1.3:35357/v2.0    |
| region      | RegionOne                        |
| service_id  | e240fe8fd9004793b88562d2e7722624 |
+-------------+----------------------------------+

# This command is a bit special: $(compute_port) and $(tenant_id) are deliberately kept as-is so they are stored in the database
pjack@ubuntu:~$ keystone endpoint-create --region RegionOne \
    --service_id=$COMPUTE_SERVICE \
    --publicurl=$MYIP':$(compute_port)s/v2/$(tenant_id)s' \
    --adminurl=$MYIP':$(compute_port)s/v2/$(tenant_id)s' \
    --internalurl=$MYIP':$(compute_port)s/v2/$(tenant_id)s'
+-------------+------------------------------------------------------+
| Property    | Value                                                |
+-------------+------------------------------------------------------+
| adminurl    | http://192.168.1.3:$(compute_port)s/v2/$(tenant_id)s |
| id          | 13e921c181044d20973898caf84ae5b6                     |
| internalurl | http://192.168.1.3:$(compute_port)s/v2/$(tenant_id)s |
| publicurl   | http://192.168.1.3:$(compute_port)s/v2/$(tenant_id)s |
| region      | RegionOne                                            |
| service_id  | a7476e1b52144627a46b296c843ac10d                     |
+-------------+------------------------------------------------------+

# This command is a bit special: $(tenant_id) is deliberately kept as-is so it is stored in the database
pjack@ubuntu:~$ keystone endpoint-create --region RegionOne \
    --service_id=$VOLUME_SERVICE \
    --publicurl=$MYIP':8776/v1/$(tenant_id)s' \
    --internalurl=$MYIP':8776/v1/$(tenant_id)s' \
    --adminurl=$MYIP':8776/v1/$(tenant_id)s'
+-------------+------------------------------------------+
| Property    | Value                                    |
+-------------+------------------------------------------+
| adminurl    | http://192.168.1.3:8776/v1/$(tenant_id)s |
| id          | 5980601428ca425f9507e9cc2f65b860         |
| internalurl | http://192.168.1.3:8776/v1/$(tenant_id)s |
| publicurl   | http://192.168.1.3:8776/v1/$(tenant_id)s |
| region      | RegionOne                                |
| service_id  | 0c9515e1b65b4005b61213234c9688a0         |
+-------------+------------------------------------------+
pjack@ubuntu:~$ keystone endpoint-create --region RegionOne \
    --service_id=$IMAGE_SERVICE \
    --publicurl=$MYIP:9292/v1 \
    --internalurl=$MYIP:9292/v1 \
    --adminurl=$MYIP:9292/v1
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://192.168.1.3:9292/v1       |
| id          | 4347f501d11c43a0b5c7dfb1d424e08e |
| internalurl | http://192.168.1.3:9292/v1       |
| publicurl   | http://192.168.1.3:9292/v1       |
| region      | RegionOne                        |
| service_id  | 084cb8b867d94294968fb0ad7203f5d1 |
+-------------+----------------------------------+
pjack@ubuntu:~$ keystone endpoint-create --region RegionOne \
    --service_id=$EC2_SERVICE \
    --publicurl=$MYIP:8773/services/Cloud \
    --internalurl=$MYIP:8773/services/Cloud \
    --adminurl=$MYIP:8773/services/Admin
+-------------+----------------------------------------+
| Property    | Value                                  |
+-------------+----------------------------------------+
| adminurl    | http://192.168.1.3:8773/services/Admin |
| id          | 15fbfdbff47d4d88b2edf1d530cd3964       |
| internalurl | http://192.168.1.3:8773/services/Cloud |
| publicurl   | http://192.168.1.3:8773/services/Cloud |
| region      | RegionOne                              |
| service_id  | 6bd0e11b3f674f4ba14bc53230ea1823       |
+-------------+----------------------------------------+

# This command is a bit special: $(tenant_id) is deliberately kept as-is so it is stored in the database
pjack@ubuntu:~$ keystone endpoint-create --region RegionOne \
    --service_id=$STORAGE_SERVICE \
    --publicurl=$MYIP':8080/v1/AUTH_$(tenant_id)s' \
    --adminurl=$MYIP':8080/' \
    --internalurl=$MYIP':8080/v1/AUTH_$(tenant_id)s'
+-------------+-----------------------------------------------+
| Property    | Value                                         |
+-------------+-----------------------------------------------+
| adminurl    | http://192.168.1.3:8080/                      |
| id          | d0ace01c717b419e890b6b6860268d53              |
| internalurl | http://192.168.1.3:8080/v1/AUTH_$(tenant_id)s |
| publicurl   | http://192.168.1.3:8080/v1/AUTH_$(tenant_id)s |
| region      | RegionOne                                     |
| service_id  | e3e52d9bf5574430bb530f2ac8d733eb              |
+-------------+-----------------------------------------------+
pjack@ubuntu:~$ keystone endpoint-list
+----------------------------------+-----------+------------------------------------------------------+------------------------------------------------------+------------------------------------------------------+
| id                               | region    | publicurl                                            | internalurl                                          | adminurl                                             |
+----------------------------------+-----------+------------------------------------------------------+------------------------------------------------------+------------------------------------------------------+
| 13e921c181044d20973898caf84ae5b6 | RegionOne | http://192.168.1.3:$(compute_port)s/v2/$(tenant_id)s | http://192.168.1.3:$(compute_port)s/v2/$(tenant_id)s | http://192.168.1.3:$(compute_port)s/v2/$(tenant_id)s |
| 15fbfdbff47d4d88b2edf1d530cd3964 | RegionOne | http://192.168.1.3:8773/services/Cloud               | http://192.168.1.3:8773/services/Cloud               | http://192.168.1.3:8773/services/Admin               |
| 4347f501d11c43a0b5c7dfb1d424e08e | RegionOne | http://192.168.1.3:9292/v1                           | http://192.168.1.3:9292/v1                           | http://192.168.1.3:9292/v1                           |
| 5980601428ca425f9507e9cc2f65b860 | RegionOne | http://192.168.1.3:8776/v1/$(tenant_id)s             | http://192.168.1.3:8776/v1/$(tenant_id)s             | http://192.168.1.3:8776/v1/$(tenant_id)s             |
| 72da2f181f984772b0c4b1a19daa118a | RegionOne | http://192.168.1.3:35357/v2.0                        | http://192.168.1.3:5000/v2.0                         | http://192.168.1.3:5000/v2.0                         |
| d0ace01c717b419e890b6b6860268d53 | RegionOne | http://192.168.1.3:8080/v1/AUTH_$(tenant_id)s        | http://192.168.1.3:8080/v1/AUTH_$(tenant_id)s        | http://192.168.1.3:8080/                             |
+----------------------------------+-----------+------------------------------------------------------+------------------------------------------------------+------------------------------------------------------+

# Verify
pjack@ubuntu:~$ sudo apt-get install -y curl openssl
pjack@ubuntu:~$ curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "adminUser", "password": "password"}}}' -H "Content-type: application/json" http://192.168.1.3:35357/v2.0/tokens | python -mjson.tool
{
    "access": {
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://192.168.1.3:8774/v2/6cce38f92eb84949a0610b79e2087e1b",
                        "internalURL": "http://192.168.1.3:8774/v2/6cce38f92eb84949a0610b79e2087e1b",
                        "publicURL": "http://192.168.1.3:8774/v2/6cce38f92eb84949a0610b79e2087e1b",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "nova",
                "type": "compute"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://192.168.1.3:9292/v1",
                        "internalURL": "http://192.168.1.3:9292/v1",
                        "publicURL": "http://192.168.1.3:9292/v1",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "glance",
                "type": "image"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://192.168.1.3:8080/",
                        "internalURL": "http://192.168.1.3:8080/v1/AUTH_6cce38f92eb84949a0610b79e2087e1b",
                        "publicURL": "http://192.168.1.3:8080/v1/AUTH_6cce38f92eb84949a0610b79e2087e1b",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "swift",
                "type": "storage"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://192.168.1.3:8776/v1/6cce38f92eb84949a0610b79e2087e1b",
                        "internalURL": "http://192.168.1.3:8776/v1/6cce38f92eb84949a0610b79e2087e1b",
                        "publicURL": "http://192.168.1.3:8776/v1/6cce38f92eb84949a0610b79e2087e1b",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "volume",
                "type": "volume"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://192.168.1.3:8773/services/Admin",
                        "internalURL": "http://192.168.1.3:8773/services/Cloud",
                        "publicURL": "http://192.168.1.3:8773/services/Cloud",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "ec2",
                "type": "ec2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://192.168.1.3:5000/v2.0",
                        "internalURL": "http://192.168.1.3:5000/v2.0",
                        "publicURL": "http://192.168.1.3:35357/v2.0",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "keystone",
                "type": "identity"
            }
        ],
        "token": {
            "expires": "2012-05-02T11:14:12Z",
            "id": "1d544871b50944478b035378835f53f6",
            "tenant": {
                "description": null,
                "enabled": true,
                "id": "6cce38f92eb84949a0610b79e2087e1b",
                "name": "admin"
            }
        },
        "user": {
            "id": "59bedb17dae640d6ade54d642ab05fc6",
            "name": "adminUser",
            "roles": [
                {
                    "id": "21d8f7a9a8724af88b374341569c690e",
                    "name": "admin"
                }
            ],
            "roles_links": [],
            "username": "adminUser"
        }
    }
}
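Why the endpoint URLs with `$(tenant_id)s` and `$(compute_port)s` are single-quoted, and how the stored template relates to the URLs in the token response above. This is an added example, not part of the original post: `check_template` and `render_endpoint` are hypothetical helpers, and `render_endpoint` is a sed stand-in for Keystone's own substitution, using the tenant id and port 8774 that appear in the post's output.

```shell
#!/bin/sh
# Added example, not from the original post: quoting of endpoint templates.

MYIP=http://192.168.1.3

# Quoting as in the post: the placeholder reaches keystone unchanged.
single_quoted() {
    printf '%s\n' "$MYIP"':8776/v1/$(tenant_id)s'
}

# Same URL in double quotes: the shell reads $(tenant_id) as command
# substitution, finds no command of that name (error silenced here) and
# substitutes an empty string, so a broken URL would be stored.
double_quoted() {
    printf '%s\n' "$MYIP:8776/v1/$(tenant_id 2>/dev/null)s"
}

# check_template URL NAME...: succeed only if URL still carries every literal
# $(NAME)s placeholder. Hypothetical pre-flight check before endpoint-create.
check_template() {
    url=$1
    shift
    for name in "$@"; do
        case "$url" in
        *"\$($name)s"*) ;;
        *) echo "placeholder \$($name)s missing in: $url" >&2
           return 1 ;;
        esac
    done
}

# render_endpoint TEMPLATE TENANT_ID COMPUTE_PORT: fill in the placeholders.
# A sed stand-in for the substitution whose result the token response shows.
render_endpoint() {
    printf '%s\n' "$1" |
        sed -e 's/\$(tenant_id)s/'"$2"'/g' -e 's/\$(compute_port)s/'"$3"'/g'
}

compute_tpl=$MYIP':$(compute_port)s/v2/$(tenant_id)s'
if check_template "$compute_tpl" compute_port tenant_id; then
    # Tenant id and port are the values shown in the post's output.
    render_endpoint "$compute_tpl" 6cce38f92eb84949a0610b79e2087e1b 8774
fi
check_template "$(double_quoted)" tenant_id || echo "double-quoted form rejected"
```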
Glance Installation
When installing glance, also switch to MySQL
pjack@ubuntu:~$ sudo apt-get install -y glance
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  glance-api glance-client glance-common glance-registry libyaml-0-2 python-amqplib python-anyjson python-glance
  python-kombu python-xattr python-yaml
Suggested packages:
  python-amqplib-doc python-boto python-couchdb python-kombu-doc python-pymongo

pjack@ubuntu:~$ sudo dpkg -l | grep glance
ii  glance           2012.1-0ubuntu2  OpenStack Image Registry and Delivery Service - Daemons
ii  glance-api       2012.1-0ubuntu2  OpenStack Image Registry and Delivery Service - API
ii  glance-client    2012.1-0ubuntu2  OpenStack Image Registry and Delivery Service - Registry
ii  glance-common    2012.1-0ubuntu2  OpenStack Image Registry and Delivery Service - Common
ii  glance-registry  2012.1-0ubuntu2  OpenStack Image Registry and Delivery Service - Registry
ii  python-glance    2012.1-0ubuntu2  OpenStack Image Registry and Delivery Service - Python library

pjack@ubuntu:~$ sudo rm /var/lib/glance/glance.sqlite
pjack@ubuntu:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 329
Server version: 5.5.22-0ubuntu1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

# Likewise, add this only if you need it
mysql> GRANT ALL ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)

mysql> quit
Bye
/etc/glance/glance-api-paste.ini
1. Set the Keystone URL and login account
/etc/glance/glance-api.conf
1. Set paste_deploy to keystone
/etc/glance/glance-registry-paste.ini
1. Set the Keystone URL and login account
/etc/glance/glance-registry.conf
1. Change the database to mysql
2. Set paste_deploy to keystone
pjack@ubuntu:~$ sudo less /etc/glance/glance-api-paste.ini | grep -A 20 filter:authtoken
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
# Change these three items
admin_tenant_name = admin
admin_user = adminUser
admin_password = password

# Add this block at the very end
pjack@ubuntu:~$ sudo less /etc/glance/glance-api.conf | grep -A 20 paste
[paste_deploy]
flavor = keystone

pjack@ubuntu:~$ sudo less /etc/glance/glance-registry-paste.ini | grep -A 10 filter:authtoken
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 127.0.0.1
service_port = 5000
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
# Change these three
auth_uri = http://127.0.0.1:5000/
admin_tenant_name = admin
admin_user = adminUser

pjack@ubuntu:~$ sudo less /etc/glance/glance-registry.conf | grep -B 4 mysql
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
# sql_connection = sqlite:////var/lib/glance/glance.sqlite
# Change to mysql
sql_connection = mysql://glance:password@192.168.1.3/glance

# Add this block at the very end
pjack@ubuntu:~$ sudo less /etc/glance/glance-registry.conf | grep -A 20 paste
[paste_deploy]
flavor = keystone

pjack@ubuntu:~$ sudo glance-manage version_control 0
pjack@ubuntu:~$ sudo glance-manage db_sync
/usr/lib/python2.7/dist-packages/glance/registry/db/migrate_repo/versions/003_add_disk_format.py:47: SADeprecationWarning: useexisting is deprecated. Use extend_existing.
  useexisting=True)
pjack@ubuntu:~$ sudo service glance-registry restart
glance-registry stop/waiting
glance-registry start/running, process 7674
pjack@ubuntu:~$ sudo service glance-api restart
glance-api stop/waiting
glance-api start/running, process 7093
pjack@ubuntu:~$ ps aux | grep glance
glance    6975  0.0  0.0  54852  1556 ?        Ss   16:45   0:00 su -s /bin/sh -c exec glance-registry glance
glance    6982  3.0  0.9 195840 32712 ?        S    16:45   0:00 /usr/bin/python /usr/bin/glance-registry
glance    7093  0.2  0.0  54852  1556 ?        Ss   16:45   0:00 su -s /bin/sh -c exec glance-api glance
glance    7100  7.5  0.8 112044 31360 ?        S    16:45   0:00 /usr/bin/python /usr/bin/glance-api
pjack     7153  0.0  0.0   9636   892 pts/6    S+   16:45   0:00 grep --color=auto glance

pjack@ubuntu:~$ export OS_TENANT_NAME=admin
pjack@ubuntu:~$ export OS_USERNAME=adminUser
pjack@ubuntu:~$ export OS_PASSWORD=password
pjack@ubuntu:~$ export OS_AUTH_URL="http://localhost:5000/v2.0/"
pjack@ubuntu:~$ export | grep OS_
declare -x OS_AUTH_URL="http://localhost:5000/v2.0/"
declare -x OS_PASSWORD="password"
declare -x OS_TENANT_NAME="admin"
declare -x OS_USERNAME="adminUser"

# Normally there is no output; if something above is misconfigured, you will get an Error
pjack@ubuntu:~$ glance index
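A check for the lab values this walkthrough writes into its config files (admin_token `ADMIN`, the password `password` in connection strings and `admin_password`, MySQL bound to 0.0.0.0), to run before a host is reachable from anything but the lab network. This is an added example, not from the original post or from OpenStack: `audit_conf` and `write_samples` are hypothetical names, the sample files are constructed from the snippets shown above, and the values in the `fixed` set are placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post: flag the lab values used in
# this walkthrough. audit_conf and write_samples are hypothetical names.

# audit_conf FILE...: print "file: finding" for each hit; status 1 if any hit.
audit_conf() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function hit(msg) { printf "%s: %s\n", FILENAME, msg; hits++ }
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                   # section headers, blank lines
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "admin_token" && val == "ADMIN")
                hit("admin_token is still ADMIN")
            if (key == "admin_password" && val == "password")
                hit("admin_password is the placeholder password")
            if (key == "bind-address" && val == "0.0.0.0")
                hit("MySQL listens on all interfaces (bind-address 0.0.0.0)")
            if (key == "connection" || key == "sql_connection") {
                # mysql://user:pass@host/db: look at the pass part only
                s = index(val, "://")
                at = index(val, "@")
                if (s > 0 && at > s) {
                    cred = substr(val, s + 3, at - s - 3)
                    c = index(cred, ":")
                    if (c > 0 && substr(cred, c + 1) == "password")
                        hit(key " embeds the placeholder password")
                }
            }
        }
        END { if (hits > 0) exit 1 }
    ' "$@"
}

# write_samples DIR: constructed config fragments. DIR/lab holds the values
# used in this post; DIR/fixed holds the same keys with placeholder secrets
# and MySQL bound to the single address the services connect to.
write_samples() {
    mkdir -p "$1/lab" "$1/fixed"
    cat > "$1/lab/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN
[sql]
# connection = sqlite:////var/lib/keystone/keystone.db
connection = mysql://keystone:password@192.168.1.3/keystone
EOF
    cat > "$1/lab/glance-api-paste.ini" <<'EOF'
[filter:authtoken]
admin_tenant_name = admin
admin_user = adminUser
admin_password = password
EOF
    cat > "$1/lab/my.cnf" <<'EOF'
[mysqld]
bind-address		= 0.0.0.0
EOF
    cat > "$1/fixed/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = EXAMPLE-RANDOM-TOKEN-REPLACE-ME
[sql]
connection = mysql://keystone:EXAMPLE-DB-SECRET@192.168.1.3/keystone
EOF
    cat > "$1/fixed/my.cnf" <<'EOF'
[mysqld]
bind-address		= 192.168.1.3
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_conf "$demo_dir"/lab/* || echo "lab configs: findings listed above"
audit_conf "$demo_dir"/fixed/* && echo "fixed configs: no findings"
rm -rf "$demo_dir"
```

On a real host the arguments would be the files edited in this post, for example `sudo sh -c '. ./audit.sh; audit_conf /etc/keystone/keystone.conf /etc/glance/*.ini /etc/glance/*.conf /etc/mysql/my.cnf'`, where `audit.sh` is whatever file the block was saved as.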
Next, upload an image to test it.
pjack@ubuntu:~$ mkdir images
pjack@ubuntu:~$ cd images
pjack@ubuntu:~/images$ wget http://smoser.brickies.net/ubuntu/ttylinux-uec/ttylinux-uec-amd64-12.1_2.6.35-22_1.tar.gz
pjack@ubuntu:~/images$ tar -zxvf ttylinux-uec-amd64-12.1_2.6.35-22_1.tar.gz
ttylinux-uec-amd64-12.1_2.6.35-22_1-floppy
ttylinux-uec-amd64-12.1_2.6.35-22_1.img
ttylinux-uec-amd64-12.1_2.6.35-22_1-initrd
ttylinux-uec-amd64-12.1_2.6.35-22_1-loader
ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz

pjack@ubuntu:~/images$ glance add name="tty-linux-kernel" is_public=true disk_format=aki container_format=aki < ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz
Uploading image 'tty-linux-kernel'
=================================================================================================================[100%] 13.2M/s, ETA 0h 0m 0s
Added new image with ID: 7f31eb4f-fe02-4591-b44d-1d0999efd265

pjack@ubuntu:~/images$ glance add name="tty-linux-ramdisk" is_public=true disk_format=ari container_format=ari < ttylinux-uec-amd64-12.1_2.6.35-22_1-loader
Uploading image 'tty-linux-ramdisk'
===========================================================================================================[100%] 930.695881K/s, ETA 0h 0m 0s
Added new image with ID: 26c2ce96-4a54-4661-8e84-f0977dcd226b

pjack@ubuntu:~/images$ glance add name="tty-linux" is_public=true disk_format=ami container_format=ami kernel_id=7f31eb4f-fe02-4591-b44d-1d0999efd265 ramdisk_id=26c2ce96-4a54-4661-8e84-f0977dcd226b < ttylinux-uec-amd64-12.1_2.6.35-22_1.img
Uploading image 'tty-linux'
=================================================================================================================[100%] 39.8M/s, ETA 0h 0m 0s
Added new image with ID: 09995fdb-01ef-44be-a5af-273bca2f4674

pjack@ubuntu:~$ glance index
ID                                   Name                           Disk Format          Container Format     Size
------------------------------------ ------------------------------ -------------------- -------------------- --------------
09995fdb-01ef-44be-a5af-273bca2f4674 tty-linux                      ami                  ami                        25165824
26c2ce96-4a54-4661-8e84-f0977dcd226b tty-linux-ramdisk              ari                  ari                           96629
7f31eb4f-fe02-4591-b44d-1d0999efd265 tty-linux-kernel               aki                  aki                         4404752

pjack@ubuntu:~$ wget http://uec-images.ubuntu.com/releases/11.10/release/ubuntu-11.10-server-cloudimg-amd64-disk1.img
Nova Installation
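During the installation I found that nova-vncproxy and novnc are mutually exclusive. I don't know yet what the difference is.
Also, nova-objectstore does not seem to be needed, because glance replaces it, but installing it does no harm.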
pjack@ubuntu:~$ sudo apt-get install -y bridge-utils
pjack@ubuntu:~$ sudo apt-get install rabbitmq-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  rabbitmq-server
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

pjack@ubuntu:~$ sudo apt-get install -y nova-compute nova-volume nova-api nova-ajax-console-proxy nova-cert nova-consoleauth nova-doc nova-scheduler nova-network python-novnc novnc
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  cgroup-lite cpu-checker dnsmasq-utils ebtables gawk kpartx kvm kvm-ipxe
  libaio1 libapparmor1 libconfig-general-perl libibverbs1 libnuma1 librados2
  librbd1 librdmacm1 libsigsegv2 libtidy-0.99-0 libvirt-bin libvirt0
  libxenstore3.0 libxml2-utils msr-tools nova-common nova-compute-kvm
  open-iscsi open-iscsi-utils python-boto python-carrot python-cheetah
  python-daemon python-dingus python-feedparser python-gflags python-ldap
  python-libvirt python-lockfile python-m2crypto python-netaddr python-nose
  python-nova python-novaclient python-stompy python-suds python-utidylib
  qemu-common qemu-kvm qemu-utils seabios sg3-utils tgt vgabios vlan
Suggested packages:
  radvd sheepdog python-markdown python-pygments python-memcache
  python-ldap-doc ipython python-coverage python-nose-doc mol-drivers-macosx
  openbios-sparc ubuntu-vm-builder uml-utilities
The following NEW packages will be installed:
  cgroup-lite cpu-checker dnsmasq-utils ebtables gawk kpartx kvm kvm-ipxe
  libaio1 libapparmor1 libconfig-general-perl libibverbs1 libnuma1 librados2
  librbd1 librdmacm1 libsigsegv2 libtidy-0.99-0 libvirt-bin libvirt0
  libxenstore3.0 libxml2-utils msr-tools nova-ajax-console-proxy nova-api
  nova-cert nova-common nova-compute nova-compute-kvm nova-consoleauth
  nova-doc nova-network nova-scheduler nova-vncproxy nova-volume open-iscsi
  open-iscsi-utils python-boto python-carrot python-cheetah python-daemon
  python-dingus python-feedparser python-gflags python-ldap python-libvirt
  python-lockfile python-m2crypto python-netaddr python-nose python-nova
  python-novaclient python-stompy python-suds python-utidylib qemu-common
  qemu-kvm qemu-utils seabios sg3-utils tgt vgabios vlan
0 upgraded, 63 newly installed, 0 to remove and 0 not upgraded.

pjack@ubuntu:~$ sudo apt-get install -y memcached python-memcache
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  libcache-memcached-perl libmemcached
The following NEW packages will be installed:
  memcached python-memcache
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/92.9 kB of archives.
After this operation, 330 kB of additional disk space will be used.
Selecting previously unselected package memcached.
(Reading database ... 156208 files and directories currently installed.)
Unpacking memcached (from .../memcached_1.4.13-0ubuntu2_amd64.deb) ...
Selecting previously unselected package python-memcache.
Unpacking python-memcache (from .../python-memcache_1.48-1_all.deb) ...
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Setting up memcached (1.4.13-0ubuntu2) ...
adduser: Warning: The home directory `/nonexistent' does not belong to the user you are currently creating.
Starting memcached: memcached.
Setting up python-memcache (1.48-1) ...

pjack@ubuntu:~$ sudo apt-get install -y nova-objectstore python-novnc novnc
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libblas3gf libgfortran3 liblapack3gf python-numpy
Suggested packages:
  python-numpy-doc python-numpy-dbg python-dev gfortran
The following NEW packages will be installed:
  libblas3gf libgfortran3 liblapack3gf nova-objectstore novnc python-novnc
  python-numpy
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.

pjack@ubuntu:~$ sudo dpkg -l | grep nov
ii  nova-ajax-console-proxy  2012.1-0ubuntu2     OpenStack Compute - AJAX console proxy - transitional package
ii  nova-api                 2012.1-0ubuntu2     OpenStack Compute - API frontend
ii  nova-cert                2012.1-0ubuntu2     OpenStack Compute - certificate management
ii  nova-common              2012.1-0ubuntu2     OpenStack Compute - common files
ii  nova-compute             2012.1-0ubuntu2     OpenStack Compute - compute node
ii  nova-compute-kvm         2012.1-0ubuntu2     OpenStack Compute - compute node (KVM)
ii  nova-consoleauth         2012.1-0ubuntu2     OpenStack Compute - Console Authenticator
ii  nova-doc                 2012.1-0ubuntu2     OpenStack Compute - documentation
ii  nova-network             2012.1-0ubuntu2     OpenStack Compute - Network manager
ii  nova-objectstore         2012.1-0ubuntu2     OpenStack Compute - object store
ii  nova-scheduler           2012.1-0ubuntu2     OpenStack Compute - virtual machine scheduler
ii  nova-volume              2012.1-0ubuntu2     OpenStack Compute - storage
ii  novnc                    2012.1~e3+dfsg+1-2  HTML5 VNC client
ii  python-nova              2012.1-0ubuntu2     OpenStack Compute Python libraries
ii  python-novaclient        2012.1-0ubuntu1     client library for OpenStack Compute API
ii  python-novnc             2012.1~e3+dfsg+1-2  HTML5 VNC client - libraries
pjack@ubuntu:~$ sudo dpkg -l | grep rabbit
ii  rabbitmq-server          2.7.1-0ubuntu4      An AMQP server written in Erlang

pjack@ubuntu:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 257
Server version: 5.5.22-0ubuntu1 (Ubuntu)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.04 sec)

mysql> GRANT ALL ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> quit
Bye
Contents of ./nova_restart.sh:

#!/bin/bash
# Stop every service
for a in nova-network nova-compute nova-api nova-scheduler nova-volume nova-objectstore; do sudo service "$a" stop; done
for a in nova-consoleauth nova-cert novnc libvirt-bin rabbitmq-server; do sudo service "$a" stop; done
# Start them again in the same order
for a in nova-network nova-compute nova-api nova-scheduler nova-volume nova-objectstore; do sudo service "$a" start; done
for a in nova-consoleauth nova-cert novnc libvirt-bin rabbitmq-server; do sudo service "$a" start; done
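Next, configure nova.conf. This release still accepts the old style, where every option starts with --, but later releases will require the new style,
so to get used to it early I switched straight to the new one.
Two configuration files are given here: one uses FlatDHCPManager for networking, the other uses VlanManager.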
http://docs.openstack.org/trunk/openstack-compute/admin/content/compute-options-reference.html
Option 1: FlatDHCPManager

[DEFAULT]
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
auth_strategy=keystone
s3_host=192.168.1.3
ec2_host=192.168.1.3
rabbit_host=192.168.1.3
#cc_host=192.168.1.3
routing_source_ip=192.168.1.3
glance_api_servers=192.168.1.3:9292
image_service=nova.image.glance.GlanceImageService
sql_connection=mysql://nova:password@192.168.1.3/nova
keystone_ec2_url=http://192.168.1.3:5000/v2.0/ec2tokens
api_paste_config=/etc/nova/api-paste.ini
libvirt_type=kvm
#libvirt_type=qemu
libvirt_use_virtio_for_bridges=true
start_guests_on_host_boot=true
resume_guests_state_on_host_boot=true

#novnc
vnc_enabled=true
novncproxy_base_url= http://192.168.1.3:6080/vnc_auto.html
vncserver_proxyclient_address=0.0.0.0
vncserver_listen=0.0.0.0

# network specific settings
network_manager=nova.network.manager.FlatDHCPManager
public_interface=eth0
flat_interface=eth0
flat_network_bridge=br100
fixed_range=10.0.0.0/27
floating_range=192.168.1.32/27
network_size=32
flat_injected=false
force_dhcp_release=true
iscsi_helper=tgtadm
connection_type=libvirt
root_helper=sudo nova-rootwrap
verbose=true
Remember to edit /etc/nova/api-paste.ini as well:

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.17.123.92
service_port = 5000
auth_host = 172.17.123.92
auth_port = 35357
auth_protocol = http
auth_uri = http://172.17.123.92:5000/
admin_tenant_name = service
admin_user = nova
admin_password = password
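A check worth running on the Glance and Nova authtoken sections and on nova.conf before restarting the services, added here as an example (it is not part of the original post or of OpenStack). It reports placeholder credentials, wildcard listen addresses and plain-HTTP endpoints on non-loopback hosts, which pass on a single-NIC lab box like this one but should not be carried onto a shared network. The rule names, the `WEAK_SECRETS` list and the embedded file excerpts are constructed for the example.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed excerpts of the files shown in this post (same values).
NOVA_CONF = """\
[DEFAULT]
auth_strategy=keystone
rabbit_host=192.168.1.3
sql_connection=mysql://nova:password@192.168.1.3/nova
keystone_ec2_url=http://192.168.1.3:5000/v2.0/ec2tokens
#novnc
vnc_enabled=true
novncproxy_base_url= http://192.168.1.3:6080/vnc_auto.html
vncserver_proxyclient_address=0.0.0.0
vncserver_listen=0.0.0.0
"""
NOVA_PASTE = """\
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
service_protocol = http
service_host = 172.17.123.92
service_port = 5000
auth_host = 172.17.123.92
auth_port = 35357
auth_protocol = http
auth_uri = http://172.17.123.92:5000/
admin_tenant_name = service
admin_user = nova
admin_password = password
"""
GLANCE_PASTE = """\
[filter:authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_tenant_name = admin
admin_user = adminUser
admin_password = password
"""

# Hypothetical deny-list and rule names, chosen for this example.
WEAK_SECRETS = {"", "password", "guest", "admin", "changeme"}
RULES = {
    "weak-secret": "placeholder or default credential stored in the file",
    "wildcard-bind": "service listens on every interface",
    "cleartext-http": "credentials or tokens cross the network unencrypted",
}


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1; other hostnames count as remote."""
    if not host:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def audit(text):
    """Return sorted (section, key, rule) findings for one config file."""
    # default_section is renamed so that [DEFAULT] is listed like any section.
    cp = configparser.RawConfigParser(default_section="__unused__")
    cp.read_string(text)
    findings = set()
    for section in cp.sections():
        items = dict(cp.items(section))
        for key, value in items.items():
            if key.endswith("password") and value.lower() in WEAK_SECRETS:
                findings.add((section, key, "weak-secret"))
            if key.endswith("_listen") and value in ("0.0.0.0", "::"):
                findings.add((section, key, "wildcard-bind"))
            if "://" in value:
                url = urlsplit(value)
                # Connection strings such as sql_connection embed the password.
                if url.password is not None and url.password.lower() in WEAK_SECRETS:
                    findings.add((section, key, "weak-secret"))
                if url.scheme == "http" and not is_loopback(url.hostname):
                    findings.add((section, key, "cleartext-http"))
        # auth_token middleware keeps protocol and host in separate keys.
        if items.get("auth_protocol") == "http" and not is_loopback(items.get("auth_host")):
            findings.add((section, "auth_protocol", "cleartext-http"))
    return sorted(findings)


if __name__ == "__main__":
    files = [("glance-api-paste.ini", GLANCE_PASTE),
             ("api-paste.ini", NOVA_PASTE), ("nova.conf", NOVA_CONF)]
    for name, text in files:
        for section, key, rule in audit(text):
            print(f"{name} [{section}] {key}: {rule} ({RULES[rule]})")
```

The Glance section is reported only for its password because its Keystone endpoints are on 127.0.0.1; the Nova section points at 172.17.123.92, so the same `auth_protocol = http` is reported there.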
After configuring nova.conf and api-paste.ini, remember to restart all the services, then create the database tables.
pjack@ubuntu:~$ ./nova_restart.sh
pjack@ubuntu:~$ sudo nova-manage db sync
pjack@ubuntu:~$ ps aux | grep nova | grep python
nova 1767 11.0 1.2 189404 43308 ? S 22:59 0:00 /usr/bin/python /usr/bin/nova-network --flagfile=/etc/nova/nova.conf
nova 1786 13.0 1.5 273240 54996 ? S 22:59 0:00 /usr/bin/python /usr/bin/nova-compute --flagfile=/etc/nova/nova.conf --flagfile=/etc/nova/nova-compute.conf
nova 1796 12.5 1.5 136600 56212 ? S 22:59 0:00 /usr/bin/python /usr/bin/nova-api --flagfile=/etc/nova/nova.conf
nova 1827 9.8 1.2 189040 42784 ? S 22:59 0:00 /usr/bin/python /usr/bin/nova-scheduler --flagfile=/etc/nova/nova.conf
nova 1861 3.6 0.5 70220 19156 ? S 22:59 0:00 /usr/bin/python /usr/bin/nova-objectstore --flagfile=/etc/nova/nova.conf
nova 1889 9.6 1.1 188524 42236 ? S 22:59 0:00 /usr/bin/python /usr/bin/nova-consoleauth --flagfile=/etc/nova/nova.conf
nova 1903 9.5 1.1 190648 42308 ? S 22:59 0:00 /usr/bin/python /usr/bin/nova-cert --flagfile=/etc/nova/nova.conf
nova 1905 3.8 0.6 118748 23756 ? S 22:59 0:00 python /usr/bin/nova-novncproxy --flagfile=/etc/nova/nova.conf --web /usr/share/novnc/

pjack@ubuntu:~$ sudo nova-manage service list
Binary           Host     Zone   Status    State  Updated_At
nova-compute     ubuntu   nova   enabled   :-)    2012-05-01 15:00:29
nova-consoleauth ubuntu   nova   enabled   :-)    2012-05-01 15:00:29
nova-cert        ubuntu   nova   enabled   :-)    2012-05-01 15:00:30
nova-scheduler   ubuntu   nova   enabled   :-)    2012-05-01 15:00:30
nova-network     ubuntu   nova   enabled   :-)    2012-05-01 15:00:30

pjack@ubuntu:~$ sudo nova-manage network create --label private --fixed_range_v4=10.0.0.0/27 --num_networks=1 --bridge=br100 --bridge_interface=eth0 --network_size=32
pjack@ubuntu:~$ sudo nova-manage floating create --ip_range=192.168.1.32/27
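This is the fixed IP table as seen in the database; you can see that 10.0.0.0, 10.0.0.1 and 10.0.0.31 are reserved.
This is the floating IP table as seen in the database. There are only 30 IPs in total; I'm not sure why two are missing.
Verify it: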
pjack@ubuntu:~$ nova list
+----+------+--------+----------+
| ID | Name | Status | Networks |
+----+------+--------+----------+
+----+------+--------+----------+
pjack@ubuntu:~$ nova image-list
+--------------------------------------+-------------------+--------+--------+
| ID                                   | Name              | Status | Server |
+--------------------------------------+-------------------+--------+--------+
| 09995fdb-01ef-44be-a5af-273bca2f4674 | tty-linux         | ACTIVE |        |
| 26c2ce96-4a54-4661-8e84-f0977dcd226b | tty-linux-ramdisk | ACTIVE |        |
| 7f31eb4f-fe02-4591-b44d-1d0999efd265 | tty-linux-kernel  | ACTIVE |        |
+--------------------------------------+-------------------+--------+--------+
pjack@ubuntu:~$ nova floating-ip-list
+--------------+-------------+----------+------+
| Ip           | Instance Id | Fixed Ip | Pool |
+--------------+-------------+----------+------+
| 192.168.1.33 | None        | None     | nova |
+--------------+-------------+----------+------+

pjack@ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pjack/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pjack/.ssh/id_rsa.
Your public key has been saved in /home/pjack/.ssh/id_rsa.pub.
The key fingerprint is:
22:a7:ce:75:8d:88:fc:0c:ed:89:50:16:3e:6d:9e:80 pjack@ubuntu
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| o o |
| E B = S |
| + @ + o |
| . = * o . |
| + B o |
| + = |
+-----------------+
pjack@ubuntu:~$ nova keypair-add --pub_key .ssh/id_rsa.pub key1
pjack@ubuntu:~$ nova keypair-list
+------+-------------------------------------------------+
| Name | Fingerprint                                     |
+------+-------------------------------------------------+
| key1 | 22:a7:ce:75:8d:88:fc:0c:ed:89:50:16:3e:6d:9e:80 |
+------+-------------------------------------------------+

pjack@ubuntu:~$ nova boot --flavor 1 --image 09995fdb-01ef-44be-a5af-273bca2f4674 --key_name key1 vm1
+-------------------------------------+--------------------------------------+
| Property                            | Value                                |
+-------------------------------------+--------------------------------------+
| OS-DCF:diskConfig                   | MANUAL                               |
| OS-EXT-SRV-ATTR:host                | ubuntu                               |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None                                 |
| OS-EXT-SRV-ATTR:instance_name       | instance-00000001                    |
| OS-EXT-STS:power_state              | 0                                    |
| OS-EXT-STS:task_state               | scheduling                           |
| OS-EXT-STS:vm_state                 | building                             |
| accessIPv4                          |                                      |
| accessIPv6                          |                                      |
| adminPass                           | bsoijMHyfU8F                         |
| config_drive                        |                                      |
| created                             | 2012-05-01T16:45:22Z                 |
| flavor                              | m1.tiny                              |
| hostId                              |                                      |
| id                                  | 0cb5e1c7-a2d4-4e4d-9e08-3409612d48bf |
| image                               | tty-linux                            |
| key_name                            | key1                                 |
| metadata                            | {}                                   |
| name                                | vm1                                  |
| progress                            | 0                                    |
| status                              | BUILD                                |
| tenant_id                           | 6cce38f92eb84949a0610b79e2087e1b     |
| updated                             | 2012-05-01T16:45:22Z                 |
| user_id                             | 59bedb17dae640d6ade54d642ab05fc6     |
+-------------------------------------+--------------------------------------+

pjack@ubuntu:~$ brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.1c6f6521742b       no              eth0
                                                        vnet0
virbr0          8000.000000000000       yes
pjack@ubuntu:~$ ip addr show br100
19: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 1c:6f:65:21:74:2b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/27 brd 10.0.0.31 scope global br100
    inet 192.168.1.3/24 brd 192.168.1.255 scope global br100
    inet6 fe80::b40f:38ff:fe29:d3a3/64 scope link
       valid_lft forever preferred_lft forever
pjack@ubuntu:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_req=1 ttl=64 time=0.541 ms
64 bytes from 10.0.0.2: icmp_req=2 ttl=64 time=0.405 ms
pjack@ubuntu:~$ sudo virsh list
 Id Name                 State
----------------------------------
  1 instance-00000001    running

pjack@ubuntu:~$ sudo virsh vncdisplay 1
:0
pjack@ubuntu:~$ vncviewer localhost:0

# Once you've had a look, delete the instance
pjack@ubuntu:~$ nova delete 0cb5e1c7-a2d4-4e4d-9e08-3409612d48bf
Here is a screenshot as proof!
Option 2: VlanManager
Very little in the configuration file needs to change: just set network_manager to VlanManager and set vlan_interface.
# network vlan settings
network_manager=nova.network.manager.VlanManager
vlan_interface=eth0

# network specific settings
# network_manager=nova.network.manager.FlatDHCPManager
public_interface=eth0
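Once the networks are created, you can see that every 32 IPs form one VLAN. How they get assigned to different projects is something I'm still working out;
I have only observed that they are assigned automatically.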
pjack@ubuntu:~$ sudo nova-manage network create --network_size 32 --num_networks 8 --bridge_interface eth0 --fixed_range_v4 10.0.0.0/24 --label internal
pjack@ubuntu:~$ sudo nova-manage floating create --ip_range=192.168.1.33/27
pjack@ubuntu:~$ sudo nova-manage network list
id   IPv4            IPv6   start address   DNS1   DNS2   VlanID   project   uuid
2    10.0.0.0/27     None   10.0.0.3        None   None   100      None      67df2bd2-d6ab-4324-9a03-2956b536e98e
3    10.0.0.32/27    None   10.0.0.35       None   None   101      None      b35f43a6-1125-42c9-b371-7db4762f2cef
4    10.0.0.64/27    None   10.0.0.67       None   None   102      None      b265e9e4-7fcb-4b25-b420-4f6322f7dbf2
5    10.0.0.96/27    None   10.0.0.99       None   None   103      None      7639d0bf-04ea-4302-8086-52e9146acf4e
6    10.0.0.128/27   None   10.0.0.131      None   None   104      None      bd3d63c7-daa9-496d-b808-b7125b9e667f
7    10.0.0.160/27   None   10.0.0.163      None   None   105      None      88203013-de47-4e5e-8937-31879588e3b8
8    10.0.0.192/27   None   10.0.0.195      None   None   106      None      e7fda671-5623-4b47-a1fd-7faada140662
9    10.0.0.224/27   None   10.0.0.227      None   None   107      None      62a05cbb-0b82-40cf-8a48-597ee08a7000

pjack@ubuntu:~$ nova boot --flavor 1 --image 09995fdb-01ef-44be-a5af-273bca2f4674 --key_name key1 vm1
pjack@ubuntu:~$ sudo brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.1c6f6521742b       no              eth0
                                                        vlan100
virbr0          8000.000000000000       yes
pjack@ubuntu:~$ ip addr show br100
7: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 1c:6f:65:21:74:2b brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/27 brd 10.0.0.31 scope global br100
    inet 192.168.1.3/24 brd 192.168.1.255 scope global br100
    inet6 fe80::405:f7ff:fe7f:8a5a/64 scope link
       valid_lft forever preferred_lft forever
pjack@ubuntu:~$ ssh -i .ssh/id_rsa ubuntu@10.0.0.3
The authenticity of host '10.0.0.3 (10.0.0.3)' can't be established.
RSA key fingerprint is 19:b8:ae:93:a6:21:c1:fa:39:64:d9:0e:0a:09:b8:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.3' (RSA) to the list of known hosts.

Chop wood, carry water.

$ exit
logout
Connection to 10.0.0.3 closed.
pjack@ubuntu:~$ nova list
+--------------------------------------+------+--------+---------------------+
| ID                                   | Name | Status | Networks            |
+--------------------------------------+------+--------+---------------------+
| 3af6befc-0fe6-415d-ba0e-2acac37f4187 | vm1  | ACTIVE | internal_0=10.0.0.3 |
+--------------------------------------+------+--------+---------------------+
pjack@ubuntu:~$ nova delete 3af6befc-0fe6-415d-ba0e-2acac37f4187
Horizon Installation
pjack@ubuntu:~$ sudo apt-get install libapache2-mod-wsgi openstack-dashboard
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  openstack-dashboard-ubuntu-theme python-cloudfiles python-django
  python-django-horizon python-django-nose
Suggested packages:
  apache2-mpm-worker apache2-mpm-event python-psycopg2 python-psycopg
  python-flup python-sqlite geoip-database-contrib
The following NEW packages will be installed:
  libapache2-mod-wsgi openstack-dashboard openstack-dashboard-ubuntu-theme
  python-cloudfiles python-django python-django-horizon python-django-nose
This is probably the easiest installation of all. Once it is installed you can log in at http://127.0.0.1
adminUser/password or demoUser/password
Appendix A. nova-manage config list for FlatDHCPManager
pjack@ubuntu:~$ sudo nova-manage config list
default_floating_pool = nova
storage_availability_zone = nova
ca_file = cacert.pem
sql_connection_debug = 0
fixed_range = 10.0.0.0/27
compute_topic = compute
glance_port = 9292
glance_api_servers = ['192.168.1.3:9292']
rabbit_password = guest
osapi_compute_listen_port = 8774
user_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s
s3_dmz = 192.168.1.3
quota_ram = 51200
osapi_compute_listen = 0.0.0.0
cache_images = True
aws_access_key_id = admin
bandwith_poll_interval = 600
network_size = 32
enable_new_services = True
my_ip = 192.168.1.3
ec2_dmz_host = 192.168.1.3
lockout_attempts = 5
password_length = 12
quota_max_injected_files = 5
security_group_handler = nova.network.quantum.sg.NullSecurityGroupHandler
public_interface = eth0
logdir = /var/log/nova
osapi_volume_listen = 0.0.0.0
sqlite_db = nova.sqlite
use_forwarded_for = False
osapi_compute_extension = ['nova.api.openstack.compute.contrib.standard_extensions']
allow_resize_to_same_host = False
reclaim_instance_interval = 0
cert_manager = nova.cert.manager.CertManager
notification_driver = nova.notifier.no_op_notifier
osapi_max_limit = 1000
enable_instance_password = True
compute_api_class = nova.compute.api.API
fixed_range_v6 = fd00::/48
rabbit_port = 5672
rabbit_max_retries = 0
resume_guests_state_on_host_boot = True
dhcp_lease_time = 120
ec2_listen = 0.0.0.0
floating_ip_dns_manager = nova.network.dns_driver.DNSDriver
network_host = ubuntu
send_arp_for_ha = False
ec2_private_dns_show_ip = False
snapshot_name_template = snapshot-%08x
keystone_ec2_url = http://192.168.1.3:5000/v2.0/ec2tokens
metadata_host = 192.168.1.3
quota_cores = 20
l3_lib = nova.network.l3.LinuxNetL3
debug = False
auth_strategy = keystone
use_project_ca = False
routing_source_ip = 192.168.1.3
policy_file = policy.json
default_log_levels = ['amqplib=WARN', 'sqlalchemy=WARN', 'boto=WARN', 'suds=INFO', 'eventlet.wsgi.server=WARN']
volume_topic = volume
dnsmasq_config_file =
volume_name_template = volume-%08x
lock_path = /var/lock/nova
state_path = /var/lib/nova
metadata_manager = nova.api.manager.MetadataManager
flat_network_dns = 8.8.4.4
use_stderr = True
connection_type = libvirt
default_project = openstack
s3_port = 3333
logfile_mode = 0644
logging_context_format_string = %(asctime)s %(levelname)s %(name)s [%(request_id)s %(user_id)s %(project_id)s] %(instance)s%(message)s
metadata_listen_port = 8775
vpn_ip = 192.168.1.3
isolated_hosts = []
instance_name_template = instance-%08x
ec2_host = 192.168.1.3
instance_usage_audit_period = month
rabbit_durable_queues = False
credential_key_file = pk.pem
quota_metadata_items = 128
logging_debug_format_suffix = from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d
stub_network = False
console_manager = nova.console.manager.ConsoleProxyManager
zombie_instance_updated_at_window = 172800
rpc_backend = nova.rpc.impl_kombu
rabbit_userid = guest
osapi_volume_extension = ['nova.api.openstack.volume.contrib.standard_extensions']
osapi_scheme = http
credential_rc_file = %src
dhcp_domain = novalocal
sql_connection = mysql://nova:password@192.168.1.3/nova
console_topic = console
flat_injected = False
api_rate_limit = True
use_local_volumes = True
host = ubuntu
instance_dns_domain =
fixed_ip_disassociate_timeout = 600
flat_interface = eth0
dmz_cidr = 10.128.0.0/24
quota_max_injected_file_content_bytes = 10240
key_file = private/cakey.pem
floating_range = 192.168.1.32/27
multi_host = False
glance_num_retries = 0
db_backend = sqlalchemy
credentials_template = /usr/lib/python2.7/dist-packages/nova/auth/novarc.template
sql_retry_interval = 10
vpn_start = 1000
volume_driver = nova.volume.driver.ISCSIDriver
networks_path = /var/lib/nova/networks
crl_file = crl.pem
monkey_patch = False
rpc_conn_pool_size = 30
s3_host = 192.168.1.3
sqlite_synchronous = True
linuxnet_ovs_integration_bridge = br-int
volume_force_update_capabilities = False
scheduler_topic = scheduler
verbose = True
flat_network_bridge = br100
sql_max_retries = 10
default_instance_type = m1.small
metadata_listen = 0.0.0.0
firewall_driver = nova.virt.firewall.IptablesFirewallDriver
periodic_interval = 60
vpn_key_suffix = -vpn
use_cow_images = True
osapi_volume_listen_port = 8776
null_kernel = nokernel
vpn_client_template = /usr/lib/python2.7/dist-packages/nova/cloudpipe/client.ovpn.template
instance_format = [instance: %(uuid)s]
rpc_response_timeout = 60
credential_vpn_file = nova-vpn.conf
osapi_compute_ext_list = []
publish_errors = False
consoleauth_topic = consoleauth
credential_cert_file = cert.pem
service_down_time = 60
logging_exception_prefix = %(asctime)s TRACE %(name)s %(instance)s
enabled_apis = ['ec2', 'osapi_compute', 'osapi_volume', 'metadata']
volume_api_class = nova.volume.api.API
quota_max_injected_file_path_bytes = 255
scheduler_manager = nova.scheduler.manager.SchedulerManager
ec2_port = 8773
monkey_patch_modules = ['nova.api.ec2.cloud:nova.notifier.api.notify_decorator', 'nova.compute.api:nova.notifier.api.notify_decorator']
rabbit_retry_backoff = 2
auth_token_ttl = 3600
quota_volumes = 10
ec2_listen_port = 8773
ec2_scheme = http
keys_path = /var/lib/nova/keys
lockout_window = 15
vpn_image_id = 0
disable_process_locking = False
auto_assign_floating_ip = False
cert_topic = cert
quota_floating_ips = 10
fake_call = False
instance_dns_manager = nova.network.dns_driver.DNSDriver
sql_idle_timeout = 3600
glance_host = 192.168.1.3
default_image = ami-11111
aws_secret_access_key = admin
use_ipv6 = False
log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
allowed_roles = ['cloudadmin', 'itsec', 'sysadmin', 'netadmin', 'developer']
fake_network = False
metadata_port = 8775
force_dhcp_release = True
dhcpbridge_flagfile = /etc/nova/nova.conf
quota_gigabytes = 1000
region_list = []
dhcpbridge = /usr/bin/nova-dhcpbridge
num_networks = 1
auth_driver = nova.auth.dbdriver.DbDriver
network_manager = nova.network.manager.FlatDHCPManager
root_helper = sudo nova-rootwrap
logging_default_format_string = %(asctime)s %(levelname)s %(name)s [-] %(instance)s%(message)s
osapi_volume_ext_list = []
find_host_timeout = 30
report_interval = 10
fake_rabbit = False
log_date_format = %Y-%m-%d %H:%M:%S
rabbit_host = 192.168.1.3
ca_path = /var/lib/nova/CA
policy_default_rule = default
use_syslog = False
superuser_roles = ['cloudadmin']
osapi_path = /v1.1/
syslog_log_facility = LOG_USER
ec2_path = /services/Cloud
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
bindir = /usr/lib/python2.7/dist-packages/bin
rabbit_use_ssl = False
rabbit_retry_interval = 1
config_file = ['/etc/nova/nova.conf']
network_api_class = nova.network.api.API
node_availability_zone = nova
lockout_minutes = 15
db_driver = nova.db
create_unique_mac_address_attempts = 5
volume_manager = nova.volume.manager.VolumeManager
start_guests_on_host_boot = True
pybasedir = /usr/lib/python2.7/dist-packages
vlan_start = 100
rpc_thread_pool_size = 1024
ipv6_backend = rfc2462
isolated_images = []
api_paste_config = /etc/nova/api-paste.ini
global_roles = ['cloudadmin', 'itsec']
rabbit_virtual_host = /
network_driver = nova.network.linux_net
quota_instances = 10
project_cert_subject = /C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s
image_service = nova.image.glance.GlanceImageService
use_single_default_gateway = False
control_exchange = nova
cnt_vpn_clients = 0
compute_manager = nova.compute.manager.ComputeManager
network_topic = network
Update 2012.05.06:
Starting with Essex, nova adds the following way to create a network:
nova-manage network create
ex: nova-manage network create novanet 192.168.0.0/24 1 256
http://docs.openstack.org/trunk/openstack-compute/admin/content/configuring-openstack-compute-basics.html