12 3 4 5 / 5 页下一页

[OpenStack] 跟着官方文档一步一步架设openstack [复制链接]

milujite

小富即安

论坛徽章:: 7

电梯直达

1楼 [收藏(0)] [报告]

发表于 2013-11-27 23:29 |只看该作者 |倒序浏览

本帖最后由 milujite 于 2014-02-10 08:49 编辑

好久没折腾了，最近突然兴起，决定折腾一把openstack havana，目前openstack还是官方第一手资料比较先进，打算跟着官方文档，一步一步架设openstack。并将整个过程整理出来。
11月27日：经历了两个晚上，终于将keystone，glance，nova部属完成
12月9日：回家了一周，今天回来迫不及待开机，完成dashboard安装配置
12月18日：玩了几天游戏，今天在办公室用teamview连接到家里电脑，完成了cinder block service，新增一台vmware虚拟机，作为block存储节点。
2月10日：最近很忙，换工作，婚嫁，驾考都搞在一起了，回头继续更新

文章如果被转载请注明出处http://bbs.chinaunix.net/forum.p ... ;extra=#pid24064569

文库|博客

milujite

小富即安

论坛徽章:: 7

2楼 [报告]

发表于 2013-11-27 23:30 |只看该作者

先上openstack架构图

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

3楼 [报告]

发表于 2013-11-27 23:32 |只看该作者

本帖最后由 milujite 于 2013-12-18 14:14 编辑

12月18日新增一个vmware虚拟机作为cinder服务器

我的实验环境：我的实验环境比较简单，自己的台式机电脑，controller和hypervisor都部署在vmware workstation里，每台虚拟机配置如下：
　　CPU：2*2
　　内存：2048MB
　　硬盘：16GB
　　CPU设置：

OS Version：RHEL 6.4 x86_64
Controller：eth0:192.168.1.100/24 eth1:192.168.2.100/24
Hypervisor：eth0:192.168.1.101/24 eth1:不配置
Block：eth0:192.168.1.102/24 eth1:不配置
GATEWAY：192.168.1.1
DNS：8.8.8.8
Openstack Version：openstack-havana
官方文档链接：http://docs.openstack.org/havana ... nstall/yum/content/

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

4楼 [报告]

发表于 2013-11-27 23:34 |只看该作者

本帖最后由 milujite 于 2013-12-18 14:17 编辑

12月18日新增准备工作关闭SELINUX

第一章：安装前的准备工作：
关闭 selinux

[root@openstack ~]# vi /etc/selinux/config
SELINUX=disabled

复制代码

配置hosts

[root@openstack ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.1.100 openstack
192.168.1.101 node01
192.168.1.102 storage

复制代码

配置源

[root@openstack ~]# vi /etc/yum.repo.d/rhel-epel.repo
[RHEL-epel]
name=epel
baseurl=http://dl.fedoraproject.org/pub/epel/6/x86_64/
enabled=1
gpgcheck=0
[root@openstack ~]# vi /etc/yum.repo.d/openstack-hanava.repo
[openstack-havana]
name=OpenStack Havana Repository for EPEL 6
baseurl=http://repos.fedorapeople.org/repos/openstack/openstack-havana/epel-6
enabled=1
gpgcheck=0

复制代码

挂载iso到/iso目录，并设置以下源：

[root@openstack ~]# vi /etc/yum.repos.d/rhel-iso.repo
[RHEL-Server]
name=Red Hat Enterprise Linux $releasever - $basearch - Server
baseurl=file:///iso/Server
enabled=1
gpgcheck=0
[RHEL-HighAvailability]
name=Red Hat Enterprise Linux $releasever - $basearch - HighAvailability
baseurl=file:///iso/HighAvailability
enabled=1
gpgcheck=0
[RHEL-LoadBalancer]
name=Red Hat Enterprise Linux $releasever - $basearch - LoadBalancer
baseurl=file:///iso/LoadBalancer
enabled=1
gpgcheck=0
[RHEL-ScalableFileSystem]
name=Red Hat Enterprise Linux $releasever - $basearch - ScalableFileSystem
baseurl=file:///iso/ScalableFileSystem
enabled=1
gpgcheck=0
[RHEL-ResilientStorage]
name=Red Hat Enterprise Linux $releasever - $basearch - ResilientStorage
baseurl=file:///iso/ResilientStorage
enabled=1
gpgcheck=0

复制代码

ntp服务：

[root@openstack ~]# yum install ntp
[root@openstack ~]# /etc/init.d/ntpd start
[root@openstack ~]# chkconfig ntpd on

复制代码

每台机器都需要以上配置

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

5楼 [报告]

发表于 2013-11-27 23:35 |只看该作者

本帖最后由 milujite 于 2013-11-28 00:28 编辑

第二章：MYSQL 部署：

[root@openstack ~]# yum install mysql mysql-server mysql-python
[root@openstack ~]# /etc/init.d/mysqld start
[root@openstack ~]# chkconfig mysqld on
[root@openstack ~]# /usr/bin/mysqladmin -u root password 'openstack'
[root@openstack ~]# mysql -uroot -p
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> update user set password=PASSWORD('openstack') where user='root';
Query OK, 2 rows affected (0.00 sec)
Rows matched: 3 Changed: 2 Warnings: 0
mysql> select user,password,host from user;
+------+-------------------------------------------+-----------+
| user | password | host |
+------+-------------------------------------------+-----------+
| root | *3A4A03AC22526F6B591010973A741D59A71D728E | localhost |
| root | *3A4A03AC22526F6B591010973A741D59A71D728E | openstack |
| root | *3A4A03AC22526F6B591010973A741D59A71D728E | 127.0.0.1 |
| | | localhost |
| | | openstack |
+------+-------------------------------------------+-----------+
5 rows in set (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
[root@openstack ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank,so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL installation should now be secure.
Thanks for using MySQL!

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

6楼 [报告]

发表于 2013-11-27 23:37 |只看该作者

本帖最后由 milujite 于 2013-11-28 00:29 编辑

第三章：安装openstack-utils和qpidd message

[root@openstack ~]# yum install crudini
[root@openstack ~]# yum install openstack-utils
[root@openstack ~]# yum install qpid-cpp-server memcached
[root@openstack ~]# vi /etc/qpidd.conf
auth=no
[root@openstack ~]# /etc/init.d/qpidd start
[root@openstack ~]# chkconfig qpidd on

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

7楼 [报告]

发表于 2013-11-27 23:41 |只看该作者

本帖最后由 milujite 于 2013-11-28 00:28 编辑

第四章：安装配置identity服务keystone

[root@openstack ~]# yum install openstack-keystone python-keystoneclient

复制代码

设置keystone的MySQL连接数据库账户为keystone，密码为openstack，数据库主机名为openstack，数据库为keystone

[root@openstack ~]# openstack-config --set /etc/keystone/keystone.conf \
> sql connection mysql://keystone:openstack@openstack/keystone

复制代码

初始化keystone数据库，要求与以上的keystone.conf配置相符，创建MySQL数据库keystone，账户为keystone，密码为openstack

[root@openstack ~]# openstack-db --init --service keystone --password openstack
Please enter the password for the 'root' MySQL user:
Verified connectivity to MySQL.
Creating 'keystone' database.
Updating 'keystone' database password in /etc/keystone/keystone.conf
Initializing the keystone database, please wait...
Complete!

复制代码

配置keystone token

[root@openstack ~]# ADMIN_TOKEN=$(openssl rand -hex 10)
[root@openstack ~]# echo $ADMIN_TOKEN
d7942140d255a0a61a30
[root@openstack ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
[root@openstack ~]# cat /etc/keystone/keystone.conf |grep 'admin_token ='
admin_token = d7942140d255a0a61a30

复制代码

创建keystone PKI签名证书

[root@openstack ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
2013-11-26 20:34:32.777 2054 INFO keystone.common.openssl [-] openssl genrsa -out /etc/keystone/ssl/certs/cakey.pem 2048
Generating RSA private key, 2048 bit long modulus
.............................+++
......................................+++
e is 65537 (0x10001)
2013-11-26 20:34:32.913 2054 INFO keystone.common.openssl [-] openssl req -new -x509 -extensions v3_ca -key /etc/keystone/ssl/certs/cakey.pem -out /etc/keystone/ssl/certs/ca.pem -days 3650 -config /etc/keystone/ssl/certs/openssl.conf -subj /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
2013-11-26 20:34:32.925 2054 INFO keystone.common.openssl [-] openssl genrsa -out /etc/keystone/ssl/private/signing_key.pem 2048
Generating RSA private key, 2048 bit long modulus
........................+++
......................................+++
e is 65537 (0x10001)
2013-11-26 20:34:33.051 2054 INFO keystone.common.openssl [-] openssl req -key /etc/keystone/ssl/private/signing_key.pem -new -out /etc/keystone/ssl/certs/req.pem -config /etc/keystone/ssl/certs/openssl.conf -subj /C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com
2013-11-26 20:34:33.062 2054 INFO keystone.common.openssl [-] openssl ca -batch -out /etc/keystone/ssl/certs/signing_cert.pem -config /etc/keystone/ssl/certs/openssl.conf -days 3650d -cert /etc/keystone/ssl/certs/ca.pem -keyfile /etc/keystone/ssl/certs/cakey.pem -infiles /etc/keystone/ssl/certs/req.pem
Using configuration from /etc/keystone/ssl/certs/openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :ASN.1 12:'Unset'
localityName :ASN.1 12:'Unset'
organizationName :ASN.1 12:'Unset'
commonName :ASN.1 12:'www.example.com'
Certificate is to be certified until Nov 24 12:34:33 2023 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
[root@openstack ~]# chown -R keystone:keystone /etc/keystone/* /var/log/keystone/keystone.log

复制代码

设置keystone服务启动

[root@openstack ~]# service openstack-keystone start
Starting keystone: [ OK ]
[root@openstack ~]# chkconfig openstack-keystone on

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

8楼 [报告]

发表于 2013-11-27 23:43 |只看该作者

配置users/tenants/roles关联
正常来说，identity service需要帐号密码验证，但是目前还未创建，因此需要使用之前创建的admin_token来验证。

定义环境变量：

[root@openstack ~]# export OS_SERVICE_TOKEN=d7942140d255a0a61a30
[root@openstack ~]# export OS_SERVICE_ENDPOINT=http://openstack:35357/v2.0

复制代码

创建管理用户以及其他openstack service使用的tenant

[root@openstack ~]# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id | 1632f40c58bb4f7594af0c00af2103ad |
| name | admin |
+-------------+----------------------------------+
[root@openstack ~]# keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | f9c647dd8c9046e4a628e50cfeefb870 |
| name | service |
+-------------+----------------------------------+

复制代码

创建管理用户admin，帐号名为admin，密码为openstack，邮箱为keystone@localhost

[root@openstack ~]# keystone user-create --name=admin --pass=openstack \
--email=keystone@localhost
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | keystone@localhost |
| enabled | True |
| id | f81fa135a2cf4b35949b7e88ec99e0c1 |
| name | admin |
+----------+----------------------------------+

复制代码

创建管理role

[root@openstack ~]# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 9b2d58bd31b6493fa200eee77bb9302f |
| name | admin |
+----------+----------------------------------+

复制代码

关联tenants/roles给admin用户

[root@openstack ~]# keystone user-role-add --user=admin --tenant=admin --role=admin

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

9楼 [报告]

发表于 2013-11-27 23:46 |只看该作者

定义identity service和api endpoint
　　Identity service也用来追踪openstack service以及这个服务在网络中的位置。每个openstack服务在安装时，需要使用keystone service-create来创建服务，并使用keystone endpoint-create制定该服务的api endpoint。
　　现在，我们需要创建identy service本身，这样以后的keystone命令将直接使用普通的身份验证来代替admin_token身份验证。

创建identity service

[root@openstack ~]# keystone service-create --name=keystone --type=identity --description="Keystone Identity Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Keystone Identity Service |
| id | 75b34145ffa04951b4cf90e7ea175b0a |
| name | keystone |
| type | identity |
+-------------+----------------------------------+

复制代码

指定identity service的api endpoint，需要用到以上创建identity service返回的id。制定endpoint时，需要提供相应的public API/internal API/admin API。

[root@openstack ~]# keystone endpoint-create \
> --service-id=75b34145ffa04951b4cf90e7ea175b0a \
> --publicurl=http://openstack:5000/v2.0 \
> --internalurl=http://openstack:5000/v2.0 \
> --adminurl=http://openstack:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://openstack:35357/v2.0 |
| id | df4f25de3a8d41a3a996f6745d7cb295 |
| internalurl | http://openstack:5000/v2.0 |
| publicurl | http://openstack:5000/v2.0 |
| region | regionOne |
| service_id | 75b34145ffa04951b4cf90e7ea175b0a |
+-------------+----------------------------------+

复制代码

验证identity service和API endpoint绑定，执行以下命令将返回admin用户的tenant id、user id、证书等等信息。

[root@openstack ~]# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
[root@openstack ~]# keystone --os-username=admin --os-password=openstack \ --os-auth-url=http://openstack:35357/v2.0 token-get
[root@openstack ~]# keystone --os-username=admin --os-password=openstack \
--os-tenant-name=admin --os-auth-url=http://openstack:35357/v2.0 token-get

复制代码

同样也可以这样来验证

　　以上验证也可以通过以下简单方式进行：
[root@openstack ~]# vi keystonerc
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://openstack:35357/v2.0
[root@openstack ~]# source keystonerc
[root@openstack ~]# keystone token-get
[root@openstack ~]# keystone user-list
+----------------------------------+-------+---------+--------------------+
| id | name | enabled | email |
+----------------------------------+-------+---------+--------------------+
| f81fa135a2cf4b35949b7e88ec99e0c1 | admin | True | keystone@localhost |
+----------------------------------+-------+---------+--------------------+

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

milujite

小富即安

论坛徽章:: 7

10楼 [报告]

发表于 2013-11-27 23:52 |只看该作者

本帖最后由 milujite 于 2013-11-28 00:29 编辑

第五章：安装配置image service
Image service包含两个服务glance-api和glance-registry，前者用于发现、传输和存储image，后者用于管理image的metadata。默认glance将image存储在/var/lib/glance/images/，因此需要保证/var挂载点有足够的空间。另外还有一个服务scrubber用于清理被删除的image。

安装openstack-glance

[root@openstack ~]# yum install openstack-glance

复制代码

配置glance数据库，设置glance的MySQL连接数据库账户为glance，密码为openstack，数据库主机名为openstack，数据库为glance

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf \
DEFAULT sql_connection mysql://glance:openstack@openstack/glance
[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf \
DEFAULT sql_connection mysql://glance:openstack@openstack/glance

复制代码

初始化openstack glance时，密码要与以上的glance-api.conf/glance-registry.conf相符合。

[root@openstack ~]# openstack-db --init --service glance --password openstack
Please enter the password for the 'root' MySQL user:
Verified connectivity to MySQL.
Creating 'glance' database.
Updating 'glance' database password in /etc/glance/glance-registry.conf /etc/glance/glance-api.conf
Initializing the glance database, please wait...
2013-11-26 21:56:38.019 2711 INFO glance.db.sqlalchemy.migration [-] Upgrading database to version latest
2013-11-26 21:56:38.033 2711 INFO migrate.versioning.api [-] 0 -> 1...
2013-11-26 21:56:38.036 2711 INFO glance.db.sqlalchemy.migrate_repo.schema [-] creating table images
2013-11-26 21:56:38.113 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.113 2711 INFO migrate.versioning.api [-] 1 -> 2...
2013-11-26 21:56:38.117 2711 INFO glance.db.sqlalchemy.migrate_repo.schema [-] creating table image_properties
2013-11-26 21:56:38.163 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.163 2711 INFO migrate.versioning.api [-] 2 -> 3...
2013-11-26 21:56:38.202 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.203 2711 INFO migrate.versioning.api [-] 3 -> 4...
2013-11-26 21:56:38.218 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.219 2711 INFO migrate.versioning.api [-] 4 -> 5...
2013-11-26 21:56:38.234 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.234 2711 INFO migrate.versioning.api [-] 5 -> 6...
2013-11-26 21:56:38.272 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.272 2711 INFO migrate.versioning.api [-] 6 -> 7...
2013-11-26 21:56:38.290 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.290 2711 INFO migrate.versioning.api [-] 7 -> 8...
2013-11-26 21:56:38.293 2711 INFO glance.db.sqlalchemy.migrate_repo.schema [-] creating table image_members
2013-11-26 21:56:38.366 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.366 2711 INFO migrate.versioning.api [-] 8 -> 9...
2013-11-26 21:56:38.394 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.394 2711 INFO migrate.versioning.api [-] 9 -> 10...
2013-11-26 21:56:38.399 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.399 2711 INFO migrate.versioning.api [-] 10 -> 11...
2013-11-26 21:56:38.430 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.430 2711 INFO migrate.versioning.api [-] 11 -> 12...
2013-11-26 21:56:38.564 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.565 2711 INFO migrate.versioning.api [-] 12 -> 13...
2013-11-26 21:56:38.594 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.594 2711 INFO migrate.versioning.api [-] 13 -> 14...
2013-11-26 21:56:38.599 2711 INFO glance.db.sqlalchemy.migrate_repo.schema [-] creating table image_tags
2013-11-26 21:56:38.636 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.636 2711 INFO migrate.versioning.api [-] 14 -> 15...
2013-11-26 21:56:38.646 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.646 2711 INFO migrate.versioning.api [-] 15 -> 16...
2013-11-26 21:56:38.702 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.702 2711 INFO migrate.versioning.api [-] 16 -> 17...
2013-11-26 21:56:38.772 2711 INFO 017_quote_encrypted_swift_credentials [-] 'metadata_encryption_key' was not specified in the config file or a config file was not specified. This means that this migration is a NOOP.
2013-11-26 21:56:38.775 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.775 2711 INFO migrate.versioning.api [-] 17 -> 18...
2013-11-26 21:56:38.781 2711 INFO glance.db.sqlalchemy.migrate_repo.schema [-] creating table image_locations
2013-11-26 21:56:38.795 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.795 2711 INFO migrate.versioning.api [-] 18 -> 19...
2013-11-26 21:56:38.805 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.806 2711 INFO migrate.versioning.api [-] 19 -> 20...
2013-11-26 21:56:38.842 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.842 2711 INFO migrate.versioning.api [-] 20 -> 21...
2013-11-26 21:56:38.853 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.853 2711 INFO migrate.versioning.api [-] 21 -> 22...
2013-11-26 21:56:38.881 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.881 2711 INFO migrate.versioning.api [-] 22 -> 23...
2013-11-26 21:56:38.884 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.884 2711 INFO migrate.versioning.api [-] 23 -> 24...
2013-11-26 21:56:38.889 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.889 2711 INFO migrate.versioning.api [-] 24 -> 25...
2013-11-26 21:56:38.893 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.893 2711 INFO migrate.versioning.api [-] 25 -> 26...
2013-11-26 21:56:38.963 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.963 2711 INFO migrate.versioning.api [-] 26 -> 27...
2013-11-26 21:56:38.991 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:38.991 2711 INFO migrate.versioning.api [-] 27 -> 28...
2013-11-26 21:56:39.009 2711 INFO migrate.versioning.api [-] done
2013-11-26 21:56:39.009 2711 INFO migrate.versioning.api [-] 28 -> 29...
2013-11-26 21:56:39.055 2711 INFO migrate.versioning.api [-] done
Complete!

复制代码

创建配置glance用户

[root@openstack ~]# keystone user-create --name=glance --pass=openstack --email=glance@localhost
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | glance@localhost |
| enabled | True |
| id | e037938e162a4a7c8c8b305d2ceb9e72 |
| name | glance |
+----------+----------------------------------+

复制代码

关联tenants/roles给glance用户

[root@openstack ~]# keystone user-role-add --user=glance --tenant=service --role=admin

复制代码

设置image service验证

[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host openstack
[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
[root@openstack ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password openstack
[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host openstack
[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
[root@openstack ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password openstack
　　修改etc/glance/glance-api-paste.ini和/etc/glance/glance-registry-paste.ini相应的验证参数。
[root@openstack ~]# cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini
[root@openstack ~]# cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini
　　编辑找到/etc/glance/glance-registry-paste.ini和/etc/glance/glance-api-paste.ini找到[filter:authtoken]字段，分别设置为：
[root@openstack ~]# vi /etc/glance/glance-api-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
delay_auth_decision = true
auth_host=openstack
admin_user=glance
admin_tenant_name=service
admin_password=openstack
[root@openstack ~]# vi /etc/glance/glance-registry-paste.ini
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host=openstack
admin_user=glance
admin_tenant_name=service
admin_password=openstack

复制代码

在identity service中注册image service

[root@openstack ~]# keystone service-create --name=glance --type=image --description="Glance Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Glance Image Service |
| id | 5cf53ad726e6485784e569dd55bcf5ff |
| name | glance |
| type | image |
+-------------+----------------------------------+

复制代码

关联image service和api endpoint

[root@openstack ~]# keystone endpoint-create \
> --service-id=5cf53ad726e6485784e569dd55bcf5ff \
> --publicurl=http://openstack:9292 \
> --internalurl=http://openstack:9292 \
> --adminurl=http://openstack:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://openstack:9292 |
| id | c41f39bbe6ae45c39929a9075e5b29e0 |
| internalurl | http://openstack:9292 |
| publicurl | http://openstack:9292 |
| region | regionOne |
| service_id | 5cf53ad726e6485784e569dd55bcf5ff |
+-------------+----------------------------------+

复制代码

设置image service相关服务启动

[root@openstack ~]# service openstack-glance-api start
Starting openstack-glance-api: [ OK ]
[root@openstack ~]# service openstack-glance-registry start
Starting openstack-glance-registry: [ OK ]
[root@openstack ~]# /etc/init.d/openstack-glance-scrubber start
Starting openstack-glance-scrubber: [ OK ]
[root@openstack ~]# chkconfig openstack-glance-api on
[root@openstack ~]# chkconfig openstack-glance-registry on
[root@openstack ~]# chkconfig openstack-glance-scrubber on

复制代码

验证glance service

[root@openstack ~]#wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img
[root@openstack ~]# glance image-create --name="CirrOS 0.3.1" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.1-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | d972013792949d0d3ba628fbe8685bce |
| container_format | bare |
| created_at | 2013-11-26T15:02:40 |
| deleted | False |
| deleted_at | None |
| disk_format | qcow2 |
| id | c2b6c28b-ac3f-47de-9bc0-e72ea752f658 |
| is_public | True |
| min_disk | 0 |
| min_ram | 0 |
| name | CirrOS 0.3.1 |
| owner | None |
| protected | False |
| size | 13147648 |
| status | active |
| updated_at | 2013-11-26T15:02:40 |
+------------------+--------------------------------------+
[root@openstack ~]# glance image-list
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| ID | Name | Disk Format | Container Format | Size | Status |
+--------------------------------------+--------------+-------------+------------------+----------+--------+
| c2b6c28b-ac3f-47de-9bc0-e72ea752f658 | CirrOS 0.3.1 | qcow2 | bare | 13147648 | active |
+--------------------------------------+--------------+-------------+------------------+----------+--------+

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

12 3 4 5 / 5 页下一页

返回列表

Chinaunix › 论坛 › IT运维 › 虚拟化与云服务 › 跟着官方文档一步一步架设openstack