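OpenStack Installation and Deployment Manual (Havana Release)

Contents

1. Environment
2. Overall component structure
3. Environment preparation
3.1. Network interface configuration
3.2. Change the hostname
3.3. Install the MySQL database
4. Install the OpenStack packages
4.1. Install the OpenStack utility packages
4.2. Install the messaging server
5. Install the Keystone identity service
5.1. Create the connection between OpenStack Keystone and the database
5.2. Define an authorization token
5.3. Create the keys and certificates
5.4. Start Keystone
5.5. Define users, tenants and roles
5.6. Create the service and define the API endpoint
6. Configure Glance
6.1. Install the Glance components
6.2. Create the Glance database connection
6.3. Define a user named glance in Keystone
6.4. Add the glance roles
6.5. Configure authentication for the image service
6.6. / 6.7. Add the credentials to the two files /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini
6.8. Create the glance service in Keystone
6.9. Start the Glance services
6.10. Verify the Glance service
7. Install the Nova components
7.1. Configure the Nova database connection
7.2. Create the nova user in Keystone
7.3. Add roles
7.4. Configure authentication for the compute service
7.5. Create the nova service in Keystone
7.6. Create the endpoint
7.7. Start the Nova services
7.8. Verify the Nova service
8. Install nova-network
8.1. Install a local metadata service
8.2. Start nova-network
8.3. Create the VLAN
8.4. Open the security rules
8.5. Verify that all services are working
9. Install the dashboard
9.1. Modify the cache
9.2. Modify /etc/openstack-dashboard/local_settings
9.3. Start the dashboard
9.4. Verify the installation
10. Build the virtual machine .img file for Glance
10.1. Create the image disk
10.2. Start virt-manager and create the virtual machine
10.3. Configuration issues to fix in the virtual machine after installation
10.4. Create the image in Glance
11. Creating flavors
11.1. View the flavors
11.2. Create a new flavor
12. Create a virtual machine

1. Environment

2. Overall component structure

PS: This environment has only one physical machine, so the host must act as the management node and also provide the compute service. In addition to the controller components listed above, the nova-compute and nova-network services must therefore be installed as well.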

3. Environment preparation

3.1. Network interface configuration

    # vi /etc/sysconfig/network-scripts/ifcfg-eth0

    # Internal Network
    DEVICE=eth0
    TYPE=Ethernet
    BOOTPROTO=static
    IPADDR=192.168.205.177
    NETMASK=255.255.255.0
    DEFROUTE=yes
    ONBOOT=yes

    # service network restart
    # service NetworkManager stop
    # service network start
    # chkconfig NetworkManager off
    # chkconfig network on

3.2. Change the hostname

    # vi /etc/sysconfig/network

    HOSTNAME=controller

    # vi /etc/hosts

    127.0.0.1 localhost
    192.168.205.177 controller

3.3. Install the MySQL database

    # yum install mysql mysql-server MySQL-python
    # vi /etc/f

    [mysqld]
    ...
    bind-address = 192.168.205.177

Start MySQL:

    # service mysqld start
    # chkconfig mysqld on

On first setup, remove the anonymous user:

    # mysql_install_db
    # mysql_secure_installation
    # yum install mysql MySQL-python

4. Install the OpenStack packages

Download and install these two packages:

    /repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm
    /pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Once installed, they automatically configure the external yum repositories used to install OpenStack.

4.1. Install the OpenStack utility packages

    # yum install openstack-utils
    # yum install openstack-selinux
    # yum upgrade
    # reboot

PS: The external network is very unstable, so installation may fail often. After a failure, clean out the packages that failed to install; otherwise, packages that are incomplete or improperly installed will cause unexpected trouble later.

4.2. Install the messaging server

    # yum install qpid-cpp-server memcached
    # vi /etc/qpidd.conf

    auth=no

    # service qpidd start
    # chkconfig qpidd on

5. Install the Keystone identity service

    # yum install openstack-keystone python-keystoneclient

Modify the configuration file:

    # openstack-config --set /etc/keystone/keystone.conf \
        sql connection mysql://keystone:KEYSTONE_DBPASS@controller/keystone

5.1. Create the connection between OpenStack Keystone and the database

    # openstack-db --init --service keystone --password KEYSTONE_DBPASS

5.2. Define an authorization token

    # ADMIN_TOKEN=$(openssl rand -hex 10)
    # echo $ADMIN_TOKEN
    # openstack-config --set /etc/keystone/keystone.conf DEFAULT \
        admin_token $ADMIN_TOKEN

5.3. Create the keys and certificates

    # keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    # chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log

5.4. Start Keystone

    # service openstack-keystone start
    # chkconfig openstack-keystone on

5.5. Define users, tenants and roles

Export the environment variables:

    # export OS_SERVICE_TOKEN=ADMIN_TOKEN
    # export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

PS: ADMIN_TOKEN here is the string generated when the authorization token was defined above. You can save the lines above in a file and then source that file.

Create the admin tenant:

    # keystone tenant-create --name=admin --description="Admin Tenant"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Admin Tenant                     |
    | enabled     | True                             |
    | id          | 17d0aac7259c4f308c5ed81904e267f2 |
    | name        | admin                            |
    +-------------+----------------------------------+

    # keystone tenant-create --name=service --description="Service Tenant"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Service Tenant                   |
    | enabled     | True                             |
    | id          | 54a02d2556c1423eaee8a514da372e0f |
    | name        | service                          |
    +-------------+----------------------------------+

PS: An error saying that the tenant cannot be created is quite likely at this point; restarting Keystone resolves it:

    # service openstack-keystone restart

    # keystone user-create --name=admin --pass=ADMIN_PASS \
        --email=****************

ADMIN_PASS is the password you set:

    # keystone user-create --name=admin --pass=PASSWORD \
        --email=****************

5.6. Create the service and define the API endpoint

    # keystone service-create --name=keystone \
        --type=identity \
        --description="Keystone Identity Service"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Keystone Identity Service        |
    | id          | 7711a2a72fb34caea36782f7cd669e03 |
    | name        | keystone                         |
    | type        | identity                         |
    +-------------+----------------------------------+

Define the API endpoint:

    # keystone endpoint-create \
        --service-id=7711a2a72fb34caea36782f7cd669e03 \
        --publicurl=http://controller:5000/v2.0 \
        --internalurl=http://controller:5000/v2.0 \
        --adminurl=http://controller:35357/v2.0
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | adminurl    | http://controller:35357/v2.0     |
    | id          | e153f3c72b2544cf8f7f0bd557a62cad |
    | internalurl | http://controller:5000/v2.0      |
    | publicurl   | http://controller:5000/v2.0      |
    | region      | regionOne                        |
    | service_id  | 7711a2a72fb34caea36782f7cd669e03 |
    +-------------+----------------------------------+

Use vi to create a file with the following content:

    export OS_USERNAME=admin
    export OS_PASSWORD=PASSWORD
    export OS_TENANT_NAME=admin
    export OS_AUTH_URL=http://controller:35357/v2.0

Source this file, then verify the service:

    # keystone user-list
    +----------------------------------+---------+--------------------+--------+
    | id                               | enabled | email              | name   |
    +----------------------------------+---------+--------------------+--------+
    | a4c2d43f80a549a19864c89d759bb3fe | True    | *****************  | admin  |
    +----------------------------------+---------+--------------------+--------+

This output indicates that the configuration is correct. If an error occurs, check the details under /var/log/keystone.

6. Configure Glance

6.1. Install the Glance components

    # yum install openstack-glance

Modify the configuration files:

    # openstack-config --set /etc/glance/glance-api.conf \
        DEFAULT sql_connection mysql://glance:PASSWORD@controller/glance
    # openstack-config --set /etc/glance/glance-registry.conf \
        DEFAULT sql_connection mysql://glance:PASSWORD@controller/glance

6.2. Create the Glance database connection

    # openstack-db --init --service glance --password PASSWORD

6.3. Define a user named glance in Keystone

    # keystone user-create --name=glance --pass=PASSWORD --email=******************

Add roles:

    # keystone user-role-add --user=glance --tenant=service --role=admin

6.4. Add the glance roles

    # keystone user-role-add --user=glance --tenant=service --role=admin

6.5. Configure authentication for the image service

    # openstack-config --set \
        /etc/glance/glance-api.conf keystone_authtoken \
        auth_uri http://controller:5000
    # openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
        auth_host controller
    # openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
        admin_tenant_name service
    # openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
        admin_user glance
    # openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
        admin_password PASSWORD
    # openstack-config --set /etc/glance/glance-api.conf paste_deploy \
        flavor keystone
    # openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
        auth_uri http://controller:5000
    # openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
        auth_host controller
    # openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
        admin_tenant_name service
    # openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
        admin_user glance
    # openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken \
        admin_password PASSWORD
    # openstack-config --set /etc/glance/glance-registry.conf paste_deploy \
        flavor keystone

6.6. / 6.7. Add the credentials to the two files /etc/glance/glance-api-paste.ini and /etc/glance/glance-registry-paste.ini

    # cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
    # cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini

Then add the following content to both files:

    [filter:authtoken]
    paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
    auth_host=controller
    admin_user=glance
    admin_tenant_name=service
    admin_password=PASSWORD

6.8. Create the glance service in Keystone

    # keystone service-create --name=glance --type=image \
        --description="Glance Image Service"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Glance Image Service             |
    | id          | f7494dceb5ef46e7960827a0ecdde89e |
    | name        | glance                           |
    | type        | image                            |
    +-------------+----------------------------------+

Create the glance endpoint in Keystone:

    # keystone \
        endpoint-create \
        --service-id=f7494dceb5ef46e7960827a0ecdde89e \
        --publicurl=http://controller:9292 \
        --internalurl=http://controller:9292 \
        --adminurl=http://controller:9292
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | adminurl    | http://controller:9292           |
    | id          | fe7cc75f8741455cb0688927845799b2 |
    | internalurl | http://controller:9292           |
    | publicurl   | http://controller:9292           |
    | region      | regionOne                        |
    | service_id  | f7494dceb5ef46e7960827a0ecdde89e |
    +-------------+----------------------------------+

6.9. Start the Glance services

    # service openstack-glance-api start
    # service openstack-glance-registry start
    # chkconfig openstack-glance-api on
    # chkconfig openstack-glance-registry on

6.10. Verify the Glance service

Run the glance image-list command:

    # glance image-list
    +----+------+-------------+------------------+------+--------+
    | ID | Name | Disk Format | Container Format | Size | Status |
    +----+------+-------------+------------------+------+--------+
    +----+------+-------------+------------------+------+--------+

This output means the service is working. If there is an error, check the details under /var/log/glance.

7. Install the Nova components

    # yum install openstack-nova python-novaclient

Modify the configuration file:

    # openstack-config --set /etc/nova/nova.conf \
        database connection mysql://nova:PASSWORD@controller/nova

Configure Nova to use the messaging server:

    # openstack-config --set /etc/nova/nova.conf \
        DEFAULT rpc_backend mon.rpc.impl_qpid
    # openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller

7.1. Configure the Nova database connection

    # openstack-db --init --service nova --password PASSWORD

Configure my_ip, vncserver_listen and vncserver_proxyclient_address:

    # openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.205.177
    # openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 192.168.205.177
    # openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.205.177

7.2. Create the nova user in Keystone

    # keystone user-create --name=nova --pass=*******************************
    +----------+----------------------------------+
    | Property | Value                            |
    +----------+----------------------------------+
    | email    | ****************                 |
    | enabled  | True                             |
    | id       | 0ab2486266cb40f4808b03cd0f99929c |
    | name     | nova                             |
    +----------+----------------------------------+

7.3. Add roles

    # keystone user-role-add --user=nova --tenant=service --role=admin

7.4. Configure authentication for the compute service

    # openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
    # openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
    # openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
    # openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
    # openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
    # openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
    # openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password PASSWORD

    # vi /etc/nova/api-paste.ini

    paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
    auth_host = controller
    auth_port = 35357
    auth_protocol = http
    auth_uri = http://controller:5000/v2.0
    admin_tenant_name = service
    admin_user = nova
    admin_password = PASSWORD

7.5. Create the nova service in Keystone

    # keystone service-create --name=nova --type=compute \
        --description="Nova Compute service"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Nova Compute service             |
    | id          | 3b1a58f73d9d43e2807e8148448a333f |
    | name        | nova                             |
    | type        | compute                          |
    +-------------+----------------------------------+

7.6. Create the endpoint

    # keystone endpoint-create \
        --service-id=3b1a58f73d9d43e2807e8148448a333f \
        --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
        --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
        --adminurl=http://controller:8774/v2/%\(tenant_id\)s
    +-------------+-----------------------------------------+
    | Property    | Value                                   |
    +-------------+-----------------------------------------+
    | adminurl    | http://controller:8774/v2/%(tenant_id)s |
    | id          | 01d675db4ef949a496fc7c603df6df8a        |
    | internalurl | http://controller:8774/v2/%(tenant_id)s |
    | publicurl   | http://controller:8774/v2/%(tenant_id)s |
    | region      | regionOne                               |
    | service_id  | 3b1a58f73d9d43e2807e8148448a333f        |
    +-------------+-----------------------------------------+

7.7. Start the Nova services

    # service openstack-nova-api start
    # service openstack-nova-cert start
    # service openstack-nova-consoleauth start
    # service openstack-nova-scheduler start
    # service openstack-nova-conductor start
    # service openstack-nova-novncproxy start
    # chkconfig openstack-nova-consoleauth on
    # chkconfig openstack-nova-scheduler on
    # chkconfig openstack-nova-conductor on
    # chkconfig openstack-nova-novncproxy on

7.8. Verify the Nova service

Run nova list to display the virtual machines and related information.
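
Several values written during the steps above should be revisited before the host is reachable by other users: auth=no in /etc/qpidd.conf, the admin_token in keystone.conf, auth_protocol http, and the literal PASSWORD and KEYSTONE_DBPASS placeholders. The script below is an added example, not part of the original manual, that scans INI-style files for those values; the function names audit_conf and count_findings, the messages, and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Checks and messages are this
# example's own; the flagged values are the ones this guide writes.

audit_conf() {
    # $1: path to an INI-style file (keystone.conf, nova.conf, qpidd.conf, ...)
    awk -v file="$1" '
        function report(msg) { printf "%s: [%s] %s\n", file, sec, msg }
        BEGIN { sec = "global" }
        /^[ \t]*[#;]/ || !NF { next }              # comments and blank lines
        /^[ \t]*\[/ {                              # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        index($0, "=") {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "auth" && val == "no")
                report("broker accepts unauthenticated clients (auth=no)")
            if (key == "admin_token" && val != "")
                report("bootstrap admin_token is still configured")
            if (key == "auth_protocol" && val == "http")
                report("service credentials and tokens cross the network over plain HTTP")
            if (key == "admin_password" && val ~ /^(PASSWORD|ADMIN_PASS)$/)
                report("admin_password is a documentation placeholder")
            if (key ~ /connection$/ && val ~ /:(PASSWORD|[A-Z_]*DBPASS)@/)
                report("database URL carries a placeholder password")
        }
    ' "$1"
}

count_findings() { audit_conf "$1" | wc -l | tr -d ' '; }

# Constructed sample that mirrors values used in this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[sql]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
[keystone_authtoken]
auth_protocol = http
admin_password = PASSWORD
EOF
audit_conf "$sample"
rm -f "$sample"
```

Run audit_conf against /etc/qpidd.conf, /etc/keystone/keystone.conf, the Glance configuration files and /etc/nova/nova.conf after finishing the steps; each output line names the file, the section and the setting to change.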