Manual deployment and integration of OpenStack components


cloud_ruiy 2014-08-20 09:49:00

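Preface: once you have completely and correctly configured the whole OpenStack environment,

this is what you will be able to see and experience!

Let's first take a quick look at the result. I hope you go further and do better along this road;

1, wget the OpenStack Icehouse yum repo package;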

https://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm

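2, after installing the rpm above, three more repo files appear under /etc/yum.repos.d/ on your system

Foreman, you should know it! Very powerful!

NTP (Network Time Protocol)

Random passwords: openssl / certutil

3, MySQL database configuration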

yum -y install mysql mysql-server MySQL-python (frontend)

yum -y install MySQL-python (backend Node)

Database configuration

4, install the yum priorities plugin

yum install yum-plugin-priorities

5,epel

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

6,yum -y install openstack-utils

7,yum install openstack-selinux

8,yum -y upgrade && reboot

9, configure the OpenStack messaging service;

 [Notes by Ruiy: OpenStack uses a message broker to coordinate operations and status information among services]

  yum -y install qpid-cpp-server

  

  {Ruiy Notes: to simplify installation in the test environment, disable authentication}

  edit the /etc/qpidd.conf file and change the following key:

    auth = no

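[A bit of fun: an interlude in the cloud!]

Hypervisors (KVM, Xen, VMware, POWER) and OS (90% Linux or derivative)

The cloud has separate roles: Frontend (runs the OpenNebula services: GUI, cloud system or virtualization management) and Nodes (a high-performance physical machine running one kind of hypervisor; KVM is the more mainstream choice and is simple to configure and maintain);

Does the physical machine that runs the hypervisor support virtualization extensions? To check, run: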

grep -E "svm|vmx" /proc/cpuinfo;

Bridge configuration

Congratulations, now you are ready to install OpenStack services!

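Back to the main topic, let's keep going!

<1, install the Identity Service --> keystone>

The parts that need careful handling are: define users, tenants, and roles

  define services and API endpoints <as everyone knows, OpenStack was designed from the start for the public cloud, so tenant and user security is the top priority!>

Identity Service functions: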

user management,tracks users and their permissions

service catalog,provides a catalog of available services with their API endpoints;

Endpoint(a network-accessible address,usually described by a URL)

yum install openstack-keystone python-keystoneclient

Configure keystone to use MySQL to store its configuration data

This one is wrong, please take note:

 openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:321@ruiy.openstack.cc/keystone
mysql://keystone:321@ruiy.openstack.cc/keystone

connection = MysqlUserName:MysqlUserNamePasswd@<MySQL host name, i.e. its FQDN>/<name of the database in which the keystone service stores its data>;
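
Two settings written so far, `auth = no` in /etc/qpidd.conf and the three-character password inside the keystone `connection` URL, are test-environment shortcuts worth re-checking before the hosts are reachable by anything else. The script below is an added example, not part of the original post; its function names, the constructed sample files and the 16-character minimum are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Sample files are constructed.

# ini_get FILE SECTION KEY: print the last value of KEY in [SECTION].
# Pass "" as SECTION for keys placed before any section header (qpidd.conf).
ini_get() {
  awk -v want="$2" -v key="$3" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
    sec == want && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# db_password URL: print the password from scheme://user:pass@host/db, if any.
db_password() {
  local rest="${1#*://}" cred
  cred="${rest%@*}"
  [ "$cred" = "$rest" ] && return 0      # no user:pass@ part in the URL
  case "$cred" in *:*) printf '%s\n' "${cred#*:}" ;; esac
}

# audit QPIDD_CONF KEYSTONE_CONF [MINLEN]: print findings, return 1 if any.
# MINLEN defaults to 16, an assumed policy threshold.
audit() {
  local rc=0 min="${3:-16}" pw
  if [ "$(ini_get "$1" "" auth)" = "no" ]; then
    echo "FINDING: $1: auth = no, broker accepts unauthenticated clients"; rc=1
  fi
  pw="$(db_password "$(ini_get "$2" database connection)")"
  if [ -n "$pw" ] && [ "${#pw}" -lt "$min" ]; then
    echo "FINDING: $2: database password has ${#pw} characters, minimum is $min"; rc=1
  fi
  return "$rc"
}

# make_samples DIR: write constructed configs holding the values used on this page.
make_samples() {
  printf 'port = 5672\nauth = no\n' > "$1/qpidd.conf"
  printf '[DEFAULT]\nadmin_token = ADMIN_TOKEN\n[database]\n%s\n' \
    'connection = mysql://keystone:321@ruiy.openstack.cc/keystone' > "$1/keystone.conf"
}

tmp="$(mktemp -d)" && make_samples "$tmp"
audit "$tmp/qpidd.conf" "$tmp/keystone.conf" || true
rm -rf "$tmp"
```

On a real node, call `audit /etc/qpidd.conf /etc/keystone/keystone.conf` and treat a non-zero exit status as a failed check.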

The command that syncs the keystone data into the MySQL database is the statement in the screenshot below. It took quite some struggling!

http://wiki.incloudus.com/display/OP/Nova

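All along, the openstack-keystone service would not start; it turned out the permissions on the /var/log/keystone log file were wrong. Damn, what a struggle. What is going on here, could it be a keystone bug?!

Everything above is just rambling, I did not take it to heart. Let's carry on;

3, define an authorization token to use as a shared secret between the Identity Service and other OpenStack services; use openssl to generate a random token and store it in the configuration file;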

echo $ADMIN_TOKEN    # prints a40b81a0c7373a4422eb

 4, configuration: keystone uses PKI tokens; create the signing keys and certificates and restrict access to the generated data;

 5, performance tuning: purge expired tokens

6,define users,tenants and roles

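Set the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables;

Create the administrative user;

Create the role and tenant;

Information stored in the keystone database;

Link the user, role and tenant;

Create a normal user

Link the demo user and demo tenant to the _member_ role;

Create the service tenant

7, define the service and API endpoint;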

keystone service-create,describes the service

keystone endpoint-create associates API endpoints with the service;

 

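These environment variables are set temporarily. In my case the environment had not been configured properly earlier and the machine was rebooted; later we will put these environment variables into /etc/profile or maintain them in a shell script;

Before inserting the API endpoint

After inserting the API endpoint

Specify an API endpoint for the Identity Service by using the returned service ID. When you specify an endpoint, you provide URLs for the public API, internal API, and admin API. In this guide, the * hostName is used. Note that the Identity Service uses a different port for the admin API.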

8,verify the identity service installation

  To verify that the Identity Service is installed and configured correctly, clear the values in the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables.

These variables, which were used to bootstrap the administrative user and register the Identity Service, are no longer needed;

you can now use regular user name-based authentication.

Request an authentication token by using the admin user and the password you chose for that user:

tenant token-get

Set the --os-* variables in your environment to simplify command-line usage: set up an admin-openrc.sh file with the admin credentials and admin endpoint

keystone token-get


<2, OpenStack client install and configure>

use the openstack command-line clients to run simple commands that make API calls;

An overview of the OpenStack client components. Please note that this does not mean the OpenStack service components!

install the openstack command-line clients;

prerequisite software and python package for each openstack client;


prerequisite software;

python2.6 or later

setuptools

pip

In summary, we can use pip to install all of the OpenStack components

PIP(Python Index Package);

pip enables you to update or remove a package

pip install python-PROJECTclient

Python Index Package
pip upgrade or remove OpenStack components;
  1,upgrade
    pip install --upgrade python-PROJECTclient
  2,remove
    pip uninstall python-PROJECTclient

set environment variables using the openstack RC file;

Override environment variable values

keystone --os-password PASSWORD service-list;

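During execution, --os-* parameters given on the command line have the highest priority; any required parameter that is not given there is looked up in the rc file. If it is found, great; if not, you are left in tears!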

admin-openrc.sh for the administrative user

demo-openrc.sh for the normal user;

<3, OpenStack image service ->> glance ins>

 The OpenStack Image Service enables users to discover, register, and retrieve virtual machine images. The Image Service offers a REST API that enables you to query virtual machine image metadata and retrieve an actual image;

Here, in our demo environment:

 The Image Service is set to use the file backend. This means that images uploaded to the Image Service are stored in a directory on the same system that hosts the service; by default, that directory is: /var/lib/glance/images/;

Now it is time for us to get hands-on with the OpenStack Image Service

  glance-api: accepts image API calls for image discover,retrieval,and storage;

  glance-registry: stores,processes,and retrieves metadata about images,Metadata includes items such as size and type;

By now we should all have noticed some patterns in OpenStack package naming (for core service components and client components)

OpenStack core component naming: openstack-keystone (identity server) or openstack-glance (image server)

  Client component package naming: python-glanceclient or python-keystoneclient....;

database: stores image metadata. You can choose your database depending on your preference; most deployments use MySQL or SQLite;

storage repository for image files: the Image Service supports a variety of repositories including normal file systems, object storage, RADOS block devices, HTTP and Amazon S3. Some types of repositories support only read-only usage;

Use snapshots for backup and as templates to launch new servers

Configure the image server to use the message broker. Do you remember which message broker we used earlier?