【转】Ubuntu12.04 OpenStack Folsom 安装（VLAN模式）

Ubuntu12.04 OpenStack Folsom 安装（VLAN模式）

 本博客欢迎转发，但请保留原作者（新浪微博：@孔令贤HW；博客地址：http://blog.csdn.net/lynn_kong）信息！内容系本人学习、研究和总结，如有雷同，实属荣幸！

更新日志：
2013.2.27  修改控制节点安装quantum时，对bridge_mappings的处理 
2013.3.11  修改安装cinder时对开机挂载的处理

 

这篇文章基本是照搬沙克的安装教程，但做了一些小小的改动以及我安装过程中出现的问题及解决方法（比如安装mysql后普通用户登陆失败和安装OVS后出现的问题等等）。原帖地址：http://www.chenshake.com/openstack-folsom-install-guide-vlan-mode/

Openstack Folsom 安装比较复杂，尤其是Quantum部分，新的内容很多。Quantum的租户网络有两种模式：GRE和VLAN模式，这两种方式配置有很大的区别，一个明显的区别就是控制节点，Vlan模式2块网卡，GRE模式需要3块网卡。

英文原文

我基本会参考原文做翻译，下面的和原文差异的地方

1.    我的网络会会原文不同, 文档我会在真实的环境下验证，由于每个人的网络基本都是不一样，所以文档和IP相关的地方，我基本采用变量，比较灵活的方式，大家可以用sed命令实现修改。很多朋友安装不成功，基本都是因为更换IP，导致有地方没修改，所以提供sed的命令修改。

2.    对原文提供的两个keystone导入数据的脚本做了细微的修改，主要是采用变量，让他更加灵活。

3.    mysql直接采用IP访问，而不是localhost

4.    keystone的token采用随机生成，而不是password

 

介绍

	控制节点（2块网卡）	计算节点（2块网卡）
管理网络（eth0）	182.168.61.24/24	182.168.61.22/24
	182.168.61.25/24	182.168.61.26/24
hostname	controller	compute1
服务	MySQL RabbitMQ Nova Glance Keystone Quantum	kvm quantum client nova-compute

 

要求

1.    控制节点和计算节点需要2块网卡，计算节点需要支持虚拟化

2.    全部的命令都是在root下运行

 

 

控制节点

操作系统

安装ubuntu 12.04.1 Server版本，最小化安装，只需要安装SSH server就可以。Cinder 需要一个单独的分区或者硬盘。可以在安装时创建LVM，在安装cinder时修改卷组的名称即可。

源

目前Folsom进入ubuntu 12.04的官方的源，不过需要你手工添加。
cat <<EOF >>/etc/apt/sources.list
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/folsom main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main
EOF
运行下面命令
apt-get install ubuntu-cloud-keyring
apt-get update && apt-get -y dist-upgrade

（2012.12.20添加下面内容）
如果出现perl: warning: Setting locale failed告警提示，解决方法如下：
vi /root/.bashrc
再最底部加上
export LC_ALL=C
或者直接运行
echo "export LC_ALL=C" >> /root/.bashrc
然后执行一下：
source /root/.bashrc
（2012.12.20添加下面内容）
如果apt-get update更新失败，尝试将目录/var/lib/apt/lists/下文件删除后重试。

Hostname设置（可选）

# cat /etc/hostname
controller

# cat /etc/hosts
127.0.0.1       localhost
182.168.61.24      controller.konglingxian.com        controller
182.168.61.22      compute1.konglingxian.com     compute1

# hostname
controller

# hostname -f
controller.konglingxian.com

网络

直接设置 /etc/network/interfaces
# cat /etc/network/interfaces
# This file describes network interfaces avaiulable on your system
# and how to activate them. For more information, see interfaces(5).
# Modified by convert_static.sh.
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 182.168.61.24
        netmask 255.255.255.0
        network 182.168.61.0
        broadcast 182.168.61.255
        gateway 182.168.61.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 182.168.61.1
        dns-search controller.konglingxian.com

auto eth1
iface eth1 inet static
address 182.168.61.25
netmask 255.255.255.0

重启服务
/etc/init.d/networking restart
设置IP转发
sed -i -r 's/^\s*#(net\.ipv4\.ip_forward=1.*)/\1/' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
检查修改结果
# sysctl -p
net.ipv4.ip_forward = 1

NTP服务器

如果没有安装NTP，先安装：apt-get install ntp，编辑 /etc/ntp.conf ，在 server ntp.ubuntu.com 下添加两行
server ntp.ubuntu.com
server 127.127.1.0
fudge 127.127.1.0 stratum 10
或者直接运行下面命令
sed -i 's/server ntp.ubuntu.com/server ntp.ubuntu.com\nserver 127.127.1.0\nfudge 127.127.1.0 stratum 10/g' /etc/ntp.conf
重启NTP服务
service ntp restart

环境变量

cat >/root/novarc <<EOF
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=Galax8800
export MYSQL_PASS=Galax8800
export SERVICE_PASSWORD=Galax8800
export RABBIT_PASSWORD=Galax8800
export FIXED_RANGE=10.0.0.0/24
export FLOATING_RANGE=$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":" | awk -F "."'{print $1"."$2"."$3}').245/29
export OS_AUTH_URL="http://localhost:5000/v2.0/"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
export SERVICE_TOKEN=$(openssl rand -hex 10)
export MASTER="$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
export LOCAL_IP="$(/sbin/ifconfig eth1 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF

你可以根据你的需要调整用户的密码。
source ~/novarc
echo "source ~/novarc">>.bashrc

Mysql

下面是我们需要用到的数据库

数据库	用户	密码
mysql	root	Galax8800
nova	nova	Galax8800
keystone	keystone	Galax8800
glance	glance	Galax8800
cinder	cinder	Galax8800
quantum	quantum	Galax8800

 

安装

设置自动安装，无需输入密码
cat <<MYSQL_PRESEED | debconf-set-selections
mysql-server-5.5 mysql-server/root_password password $MYSQL_PASS
mysql-server-5.5 mysql-server/root_password_again password $MYSQL_PASS
mysql-server-5.5 mysql-server/start_on_boot boolean true
MYSQL_PRESEED

安装mysql
apt-get -y install mysql-server python-mysqldb

设置

运行远程访问mysql
sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
重启服务
service mysql restart

创建数据库

mysql -uroot -p$MYSQL_PASS <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'IDENTIFIED BY '$MYSQL_PASS';
CREATE DATABASE quantum;
GRANT ALL PRIVILEGES ON quantum.* TO 'quantum'@'%'IDENTIFIED BY '$MYSQL_PASS';
FLUSH PRIVILEGES;
EOF

添加用户后需要以root身份登录数据库，执行以下操作才能使新用户生效！
use mysql;
delete from user where user='';
FLUSH PRIVILEGES;

如果要在本机用数据库连接工具连接mysql（比如Navicat），则需要以root登录数据库后执行：
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'Galax8800';
FLUSH PRIVILEGES;

RabbitMQ

安装

apt-get -y install rabbitmq-server

设置

修改默认密码
我们把默认密码 guest，改成Galax8800
rabbitmqctl change_password guest $RABBIT_PASSWORD

Keystone

安装

apt-get -y install keystone python-keystone python-keystoneclient

配置

编辑 /etc/keystone/keystone.conf
[DEFAULT]
admin_token = d111cf2d97251a9e0422
bind_host = 0.0.0.0
public_port = 5000
admin_port = 35357
compute_port = 8774
verbose = True
debug = True
log_file = keystone.log
log_dir = /var/log/keystone
log_config = /etc/keystone/logging.conf
[sql]
connection = mysql://keystone:Galax8800@10.1.199.58:3306/keystone
idle_timeout = 200
或者直接运行下面脚本
sed -i -e " s/# admin_token = ADMIN/admin_token = $SERVICE_TOKEN/g; s/# bind_host = 0.0.0.0/bind_host = 0.0.0.0/g; s/# public_port = 5000/public_port = 5000/g; s/# admin_port = 35357/admin_port = 35357/g; s/# compute_port = 8774/compute_port = 8774/g; s/# verbose = True/verbose = True/g; s/# idle_timeout/idle_timeout/g" /etc/keystone/keystone.conf
使用mysql数据库
sed -i '/connection = .*/{s|sqlite:///.*|mysql://'"keystone"':'"$MYSQL_PASS"'@'"$MASTER"'/keystone|g}' /etc/keystone/keystone.conf

重启服务和初始化数据库
service keystone restart
keystone-manage db_sync
导入keystone数据
keystone-data.sh
wget http://www.chenshake.com/wp-content/uploads/2012/09/keystone-data.sh_.txt
mv keystone-data.sh_.txt keystone-data.sh
bash keystone-data.sh
导入endpoint
keystone-endpoints.sh
wget http://www.chenshake.com/wp-content/uploads/2012/09/keystone-endpoints.sh_.txt
mv keystone-endpoints.sh_.txt keystone-endpoints.sh
bash keystone-endpoints.sh

Glance

安装

apt-get -y install glance glance-api python-glanceclient glance-common

配置

编辑/etc/glance/glance-api.conf 和 /etc/glance/glance-registry.conf ,两个文件，都是修改4个地方
sql_connection = mysql://glance:Galax8800@10.1.199.58/glance
admin_tenant_name = service
admin_user = glance
admin_password = Galax8800
或者直接运行下面脚本实现
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/glance/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
sed -i '/sql_connection = .*/{s|sqlite:///.*|mysql://'"glance"':'"$MYSQL_PASS"'@'"$MASTER"'/glance|g}' /etc/glance/glance-registry.conf /etc/glance/glance-api.conf
编辑 /etc/glance/glance-api.conf
#notifier_strategy = noop
notifier_strategy = rabbit

#rabbit_password = guest
rabbit_password = Galax8800
运行下面命令进行修改
sed -i " s/notifier_strategy = noop/notifier_strategy = rabbit/g;s/rabbit_password = guest/rabbit_password = $RABBIT_PASSWORD/g;" /etc/glance/glance-api.conf
运行下面命令
cat <<EOF >>/etc/glance/glance-api.conf
flavor = keystone+cachemanagement
EOF

cat <<EOF >>/etc/glance/glance-registry.conf
flavor = keystone
EOF

重启服务
service glance-api restart && service glance-registry restart
同步数据库
glance-manage db_sync
下载Image
我们下载CirrOS的image作为测试使用，只有10M。如果是ubuntu官方的image，220M，并且ubuntu官方的image，都是需要使用密钥登陆。
CirrOS
下载image
wget https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img
上传image
glance image-create --name=cirros-0.3.0-x86_64 --public  --container-format=bare \
--disk-format=qcow2 < /root/cirros-0.3.0-x86_64-disk.img
Cirros，是可以使用用户名和密码登陆，也可以使用密钥登陆
user:cirros
password:cubswin:)
 
Ubuntu官方image
下载image
wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img
上传image
glance image-create --name="Ubuntu 12.04 cloudimg amd64" --public \
--container-format=ovf --disk-format=qcow2 < /root/precise-server-cloudimg-amd64-disk1.img
user：ubuntu
只能使用密钥登陆。

测试

查看image
glance image-list
查看image详细信息
glance image-show 12e2b864-9601-4506-b19d-3f663c0b2e15

Nova

安装

apt-get -y install nova-api nova-cert nova-common nova-scheduler python-nova python-novaclient nova-consoleauth novnc nova-novncproxy

配置

编辑 /etc/nova/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 182.168.61.24
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = Galax8800
signing_dirname = /tmp/keystone-signing-nova
或者直接运行命令
sed -i -e "s/127.0.0.1/$MASTER/g; s/%SERVICE_TENANT_NAME%/service/g;  s/%SERVICE_USER%/nova/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/nova/api-paste.ini
创建 /etc/nova/nova.conf 文件，直接copy下面的命令，运行就可以。
cat >/etc/nova/nova.conf <<EOF
[DEFAULT]
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/run/lock/nova
verbose=False
api_paste_config=/etc/nova/api-paste.ini
scheduler_driver=nova.scheduler.simple.SimpleScheduler
s3_host=$MASTER
ec2_host=$MASTER
ec2_dmz_host=$MASTER
rabbit_host=$MASTER
rabbit_password=$RABBIT_PASSWORD
cc_host=$MASTER
nova_url=http://$MASTER:8774/v1.1/
sql_connection=mysql://nova:$MYSQL_PASS@$MASTER/nova
ec2_url=http://$MASTER:8773/services/Cloud
root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf

# Auth
use_deprecated_auth=false
auth_strategy=keystone
keystone_ec2_url=http://$MASTER:5000/v2.0/ec2tokens
# Imaging service
glance_api_servers=$MASTER:9292
image_service=nova.image.glance.GlanceImageService

# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://$MASTER:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=127.0.0.1
vncserver_listen=0.0.0.0

# Network settings
network_api_class=nova.network.quantumv2.api.API
quantum_url=http://$MASTER:9696
quantum_auth_strategy=keystone
quantum_admin_tenant_name=service
quantum_admin_username=quantum
quantum_admin_password=$SERVICE_PASSWORD
quantum_admin_auth_url=http://$MASTER:35357/v2.0
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver

# Compute #
compute_driver=libvirt.LibvirtDriver

# Cinder #
volume_api_class=nova.volume.cinder.API
osapi_volume_listen_port=5900
EOF
同步数据库
nova-manage db sync
重启服务
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-novncproxy restart
或者
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
检查服务
nova-manage service list

 

Open-vSwitch

安装

apt-get install -y openvswitch-switch

安装过程中可能会有：Error! Your kernel headers for kernel 3.2.0-23-generic-pae cannot be found的提示，执行以下命令安装即可：
apt-get install linux-headers-3.2.0-23-generic-pae

配置

设置网络
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth1
ovs-vsctl add-br br-int
大家可以通过下面命令来查看你创建的效果, 具体的用途,正在学习中.
ovs-vsct -h
ovs-vsctl list-br
ovs-vsctl show
 安装完OVS，执行ovs-vsctl add-br br-ex出现错误“connection to /var/run/openvswitch/db.sock failed: No such file or directory”的解决方法：
（参考网址：https://answers.launchpad.net/quantum/+question/210248）
1. apt-get autoremove openvswitch-datapath-dkms
2. kernel_version=`cat /proc/version | cut -d " " -f3`^C
3. apt-get install make fakeroot dkms openvswitch-switch openvswitch-datapath-dkms linux-headers-$kernel_version

Quantum

安装

apt-get -y install quantum-server python-cliff  quantum-plugin-openvswitch-agent  quantum-l3-agent quantum-dhcp-agent python-pyparsing

配置

编辑 /etc/quantum/quantum.conf
auth_strategy = keystone
fake_rabbit = False
rabbit_host = 182.168.61.24
rabbit_password = Galax8800
或者运行下面命令
sed -i -e " s/# auth_strategy/auth_strategy/g; s/# fake_rabbit/fake_rabbit/g; s/# rabbit_host = localhost/rabbit_host = $MASTER/g; s/# rabbit_password = guest/rabbit_password = $RABBIT_PASSWORD/g" /etc/quantum/quantum.conf
编辑 /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
#Under the database section
[DATABASE]
sql_connection = mysql://quantum:Galax8800@10.1.199.58/quantum

#Under the OVS section
[OVS]
tenant_network_type=vlan
network_vlan_ranges = physnet1:1:4094
或者运行下面命令
sed -i -e " s/# Example: tenant_network_type = gre/tenant_network_type = vlan/g; s/# Example: network_vlan_ranges = physnet1:1000:2999/network_vlan_ranges = physnet1:1:4094/g" /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
sed -i '/sql_connection = .*/{s|sqlite:///.*|mysql://'"quantum"':'"$MYSQL_PASS"'@'"$MASTER"'/quantum|g}' /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
sed -i "s/# Example: bridge_mappings/bridge_mappings/" /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
编辑 /etc/quantum/l3_agent.ini 和 /etc/quantum/api-paste.ini
[DEFAULT]
admin_tenant_name = service
admin_user = quantum
admin_password = Galax8800
或者运行下面命令
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/quantum/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/quantum/l3_agent.ini  /etc/quantum/api-paste.ini
重启服务
service quantum-server restart
service quantum-plugin-openvswitch-agent restart
service quantum-dhcp-agent restart
service quantum-l3-agent restart 

Cinder

安装

apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget \
open-iscsi iscsitarget-dkms python-cinderclient

配置

分区
我的硬盘专门一个分区给volume使用
umount /dev/sda5
pvcreate /dev/sda5
vgcreate cinder-volumes /dev/sda5
如果在安装系统时已经创建了LVM卷组，则使用LVM命令修改卷组名称即可。
去掉开机挂载
sed -i '/dev\/mapper/s/^/#/g' /etc/fstab
iscsi
sed -i 's/false/true/g' /etc/default/iscsitarget

service iscsitarget restart
service open-iscsi restart
编辑 /etc/cinder/cinder.conf ,直接运行下面命令就可以.
cat >/etc/cinder/cinder.conf <<EOF
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
sql_connection = mysql://cinder:$MYSQL_PASS@$MASTER:3306/cinder
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = ietadm
volume_group = cinder-volumes
volume_name_template = volume-%s
rabbit_password = $RABBIT_PASSWORD
logdir = /var/log/cinder
verbose = False
auth_strategy = keystone
EOF
编辑 /etc/cinder/api-paste.ini
admin_tenant_name = service
admin_user = cinder
admin_password = Galax8800
或者用下面命令
sed -i -e " s/%SERVICE_TENANT_NAME%/service/g; s/%SERVICE_USER%/cinder/g; s/%SERVICE_PASSWORD%/$SERVICE_PASSWORD/g; " /etc/cinder/api-paste.ini
同步数据库
cinder-manage db sync
重启服务
service cinder-api restart
service cinder-scheduler  restart
service cinder-volume restart 

运行下面的命令增加开机延迟，避免出现initramfs的情况：
sed -i '/GRUB_CMDLINE_LINUX_DEFAULT/c\GRUB_CMDLINE_LINUX_DEFAULT="rootdelay=600"' /etc/default/grub
update-grub

Horizon

安装

apt-get -y install apache2 libapache2-mod-wsgi openstack-dashboard memcached python-memcache

配置

编辑 /etc/openstack-dashboard/local_settings.py，删除ubuntu主题，默认的主题有问题，注释掉下面内容
#Comment these lines
#Enable the Ubuntu theme if it is present.
#try:
#    from ubuntu_theme import *
#except ImportError:
#    pass
重启服务
service apache2 restart; service memcached restart

访问

http://182.168.61.24/horizon
user：admin
pass：Galax8800
或者
user:demo
pass:Galax8800
看一下中文的Dashboard，由于在控制节点没有安装计算服务，所以你是无法创建虚拟机。

计算节点

操作系统

操作系统最小化安装，ssh server就可以。

源

添加Folsom源
cat <<EOF >>/etc/apt/sources.list
deb  http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/folsom main
deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main
EOF
运行下面命令
apt-get install ubuntu-cloud-keyring
apt-get update && apt-get -y dist-upgrade

网络

# cat /etc/network/interfaces
# This file describes network interfaces avaiulable on your system
# and how to activate them. For more information, see interfaces(5).
# Modified by convert_static.sh.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
        address 182.168.61.22
        netmask 255.255.255.0
        network 182.168.61.0
        broadcast 182.168.61.255
        gateway 182.168.61.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 182.168.61.1
        dns-search compute1.konglingxian.com

# VMs Networks with OVS in tunnel mode
auto eth1
    iface eth1 inet static
    address 182.168.61.26
    netmask 255.255.255.0
重启网络
/etc/init.d/networking restart
IP转发
sed -i -r 's/^\s*#(net\.ipv4\.ip_forward=1.*)/\1/' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward

环境变量

cat >/root/novarc <<EOF
export CONTROLLER_IP=182.168.61.24
export MASTER="$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
export LOCAL_IP="$(/sbin/ifconfig eth1 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"
EOF
你根据你的情况，调整控制节点的IP
source ~/novarc
echo "source ~/novarc">>.bashrc

NTP

apt-get -y install ntp
设置
编辑 /etc/ntp.conf, 指向控制节点
server 182.168.61.24
或者运行命令
sed -i -e " s/server ntp.ubuntu.com/server $CONTROLLER_IP/g" /etc/ntp.conf
重启服务
service ntp restart

Hypervisor

apt-get install -y kvm libvirt-bin pm-utils
编辑 /etc/libvirt/qemu.conf ，添加下面内容
cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
    "/dev/rtc", "/dev/hpet","/dev/net/tun",
]
或者运行命令：这个地方用命令修改有点复杂，还没找到太好的办法。
cat <<EOF>>/etc/libvirt/qemu.conf
cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
    "/dev/rtc", "/dev/hpet","/dev/net/tun",
]
EOF

删除默认 virtual bridge
virsh net-destroy default
virsh net-undefine default

允许迁移
编辑 /etc/libvirt/libvirtd.conf, 去掉这三行的注释
listen_tls = 0
listen_tcp = 1
auth_tcp = "none"
或者运行下面命令
sed -i '/#listen_tls/s/#listen_tls/listen_tls/; /#listen_tcp/s/#listen_tcp/listen_tcp/; /#auth_tcp/s/#auth_tcp/auth_tcp/; /auth_tcp/s/sasl/none/'  /etc/libvirt/libvirtd.conf
编辑 /etc/init/libvirt-bin.conf
env libvirtd_opts="-d -l"
或者使用命令
sed -i '/env libvirtd_opts/s/-d/-d -l/' /etc/init/libvirt-bin.conf
编辑 /etc/default/libvirt-bin
libvirtd_opts="-d -l"
或者使用命令
sed -i '/libvirtd_opts/s/-d/-d -l/' /etc/default/libvirt-bin
重启服务
service libvirt-bin restart

Open-vSwitch

apt-get install -y openvswitch-switch
创建bridge
ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth1
ovs-vsctl add-port br-eth1 eth1

Quantum

apt-get -y install quantum-plugin-openvswitch-agent
编辑 /etc/quantum/quantum.conf , 修改和控制节点一样，直接从控制直接复制过来
scp root@$CONTROLLER_IP:/etc/quantum/quantum.conf /etc/quantum/quantum.conf
编辑 /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini，可以从控制节点copy过来
scp root@$CONTROLLER_IP:/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini
启动agent
service quantum-plugin-openvswitch-agent restart

Nova

apt-get -y install nova-api-metadata nova-compute-kvm novnc nova-novncproxy
编辑 /etc/nova/api-paste.ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 182.168.61.24
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = nova
admin_password = Galax8800
signing_dirname = /tmp/keystone-signing-nova
或者运行下面命令,直接从控制节点复制过来就可以。
scp root@$CONTROLLER_IP:/etc/nova/api-paste.ini /etc/nova/
编辑 /etc/nova/nova-compute.conf
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
或者运行下面命令
cat > /etc/nova/nova-compute.conf <<EOF
[DEFAULT]
libvirt_type=kvm
libvirt_ovs_bridge=br-int
libvirt_vif_type=ethernet
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
libvirt_use_virtio_for_bridges=True
EOF
编辑 /etc/nova/nova.conf。我们可以从控制节点copy过来修改
scp root@$CONTROLLER_IP:/etc/nova/nova.conf /etc/nova/nova.conf
修改vnc
# Vnc configuration
novnc_enabled=true
novncproxy_base_url=http://182.168.61.24:6080/vnc_auto.html
novncproxy_port=6080
vncserver_proxyclient_address=182.168.61.22
vncserver_listen=182.168.61.22

或者使用下面命令修改
sed -i 's/^vncserver_proxyclient_address.*$/vncserver_proxyclient_address='"$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"'/g' /etc/nova/nova.conf
sed -i 's/^vncserver_listen.*$/vncserver_listen='"$(/sbin/ifconfig eth0 | awk '/inet addr/ {print $2}' | cut -f2 -d ":")"'/g' /etc/nova/nova.conf

重启服务
service nova-api-metadata restart
service nova-novncproxy restart
service nova-compute restart
或者
cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; done
查看服务
nova-manage service list

租户网络

这部门目前没用脚本来实现，也就只能step by step。不过这个过程，倒是可以帮助你深入了解一下quantum。下面的步骤，大家需要小心就可以。我验证过一次。
查看member roles ID
keystone role-list
查看service 租户的ID
keystone tenant-list
创建一个租户
keystone tenant-create --name project_one
创建一个用户：user_one，roles是成员角色
keystone user-create --name=user_one --pass=user_one --tenant-id $put_id_of_project_one --email=user_one@domain.com
keystone user-role-add --tenant-id $put_id_of_project_one  --user-id $put_id_of_user_one --role-id $put_id_of_member_role
为该租户创建一个网络
quantum net-create --tenant-id $put_id_of_project_one net_proj_one --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 1024
为租户创建一个子网
quantum subnet-create --tenant-id $put_id_of_project_one net_proj_one 10.10.10.0/24
为租户创建一个路由
quantum router-create --tenant_id $put_id_of_project_one router_proj_one
路由和网络进行关联
quantum router-interface-add $put_router_proj_one_id_here $put_subnet_id_here
创建外部网络（service 租户的ID，通过 keystone tenant-list 查看）
quantum net-create --tenant-id $put_id_of_service_tenant ext_net --router:external=True
编辑/etc/quantum/l3_agent.ini
gateway_external_network_id = $id_of_ext_net
router_id = $your_router_id
设置floating IP
quantum subnet-create --tenant-id $put_id_of_service_tenant --gateway 182.168.61.1 ext_net 182.168.61.245/29 --enable_dhcp=False
设置外部网络路由
quantum router-gateway-set $put_router_proj_one_id_here $put_id_of_ext_net_proj_one_here
更新br-ex
ip addr flush dev br-ex
ip addr add 182.168.61.245/29 dev br-ex
ip link set br-ex up

评论

1 楼 rubbishcan 2013-09-02  

令贤兄，您好！
 
    基本上每天都看您的文章，非常幸运在学习openstack的过程中，能够在网络上看到这么好的博客资源！

    对于openstack，我学了一个多月了，看了很多文档，好像有点明白，但动起手来又感觉差距还很远！

    您这篇博文中，在控制节点中，您安装了quantum-plugin-openvswitch-agent，这个plugin-agent需要安装在控制节点中吗？

    我的理解是，quantum-plugin-openvswitch-agent是由quantum-server通过API来调用的，而在控制节点中，创建的网络只需要ovs-vsctl命令创建，再加上简单的配置即可！而quantum-plugin-openvswitch-agent是运行在计算机点上的一个ovs代理服务，为VM创建虚拟网络的！

    小弟刚刚毕业，进入IT行业，虽然跟之前学的专业差距很大，但像您一篇博客中的文章说的，基本上每天打开电脑都能看见自己感兴趣的东西！由于是个新手，对于很多别人看起来很简单的东西，我都要反复的看资料来确认一下，怕自己对某些东西的理解有概念性错误！所以这个小小的问题，还望您帮忙指点一下！