目录
Centos7搭建OpenStack T版本 --上
1. 环境准备(所有节点操作)
| 主机名 | IP |
|---|---|
| controller | 192.168.100.100(仅主机) 192.168.200.X (NAT模式DHCP分配) |
| compute | 192.168.100.200(仅主机) 192.168.200.X (NAT模式DHCP分配) |
如果需要搭建存储节点则添加机器并配置网络即可,我的所有密码设置为123
1.1 修改主机名
所有节点都需要操作,且操作方法一样,只写了controller一个节点的结果,其他节点照常执行
IP地址自行配置
[root@localhost ~]# hostnamectl set-hostname controller
[root@localhost ~]# bash
1.2 关闭selinux 以及防火墙
将默认的enforcing改为disabled
[root@controller ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@controller ~]# setenforce 0
[root@controller ~]# systemctl disable --now firewalld
1.3 修改hosts
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# 加上controller和compute,如果有其他节点也写进来
192.168.100.100 controller
192.168.100.110 compute
1.4 配置时间同步
controller 操作
[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf
# controller节点需要改这三个地方
server ntp.aliyun.com iburst # 中间的ntp服务器可自己改,能同步就行
allow 192.168.100.0/24 #允许192.168.100.0/24 这个网段内的主机与这台服务器同步
local stratum 10
[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 2 +319us[ +654us] +/- 23ms
compute以及其他节点操作
[root@compute ~]# yum install chrony -y
[root@compute ~]# vim /etc/chrony.conf
# 只需要改动一处地方
server controller iburst
[root@compute ~]# systemctl restart chronyd
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller 3 6 7 1 +6342ns[ -921us] +/- 29ms
1.5 配置OpenStack 软件包
[root@controller ~]# yum install centos-release-openstack-train -y
[root@controller ~]# yum install python2-openstackclient -y
1.6 安装数据库
从这里开始只需要在controller节点上操作,其他节点不需要操作
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# 官网有这一条配置,我没有打开,打开之后不方便排错
# bind-address = 192.168.100.100
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb
数据库初始化
[root@controller ~]# mysql_secure_installation
Enter current password for root (enter for none): # 直接按回车
Change the root password? [Y/n] # 是否修改root密码,按Y然后输入密码
Remove anonymous users? [Y/n] # 移除匿名用户,建议移除
Disallow root login remotely? [Y/n] # 是否禁止root远程登录,建议开启,按n
Remove test database and access to it? [Y/n] # 移除测试数据库,建议按Y
Reload privilege tables now? [Y/n] # 重新加载权限,按Y
1.7 安装消息队列
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service --now
# 这个地方RABBIT_PASS 设置为你自己的密码,我用的123
# rabbitmqctl add_user openstack RABBIT_PASS
[root@controller ~]# rabbitmqctl add_user openstack 123
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
1.8 安装memcached
[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# vim /etc/sysconfig/memcached
# 修改这一行,加上controller
OPTIONS="-l 127.0.0.1,::1,controller"
[root@controller ~]# systemctl enable memcached.service --now
1.9 安装etcd
[root@controller ~]# yum install etcd -y
# 直接清空原先的配置,使用这些,注意将192.178.100.100 改为你自己的controller的IP
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.100:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.100:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.100:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.100:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.100:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@controller ~]# systemctl enable --now etcd
2. 安装Keystone
2.1 数据库操作
我的所有密码为123,之后不写注释了,你需要修改密码的话将123改为你想设的密码就好
[root@controller ~]# mysql -uroot -p123
# -p 后面跟上你的数据库root密码,如果不想这样直接显示登录的话可以直接-p 回车
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY '123';
MariaDB [(none)]> glush privileges;
2.2 安装软件包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
# 自己注意替换密码,123是你要替换的地方
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# 命令比较长,注意自行替换123
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123
--bootstrap-admin-url http://controller:5000/v3/
--bootstrap-internal-url http://controller:5000/v3/
--bootstrap-public-url http://controller:5000/v3/
--bootstrap-region-id RegionOne
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable --now httpd
2.3 编写admin rc文件
[root@controller ~]# vim admin-login.sh
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.4 测试keystone是否正常工作
2.4.1 创建domain
[root@controller ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+
2.4.2 创建project
[root@controller ~]# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
2.4.3 最后测试
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password: # 这个地方输入admin密码
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
3. 安装glance
3.1 数据库操作
[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '123';
3.2 创建 glance用户
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password: # 输入两次密码
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
3.3 给glance创建服务端点
[root@controller ~]# openstack endpoint create --region RegionOne \
image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
3.4 安装配置glance
[root@controller ~]# yum install openstack-glance -y
3.4.1 glance-api 配置文件
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.5 同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
3.6 启动服务
[root@controller ~]# systemctl enable openstack-glance-api.service --now
3.7 验证服务
[root@controller ~]# source admin-login.sh
[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
[root@controller ~]# glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 2a2ff041-0696-47a6-893b-b35d529b743d | cirros | active |
+--------------------------------------+--------+--------+
# 输出这个就代表没错
4. 安装placement
4.1 数据库操作
[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123';
4.2 配置用户
[root@controller ~]# openstack user create --domain default --password-prompt placement
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement \ --description "Placement API" placement
4.3 创建服务端点
[root@controller ~]# openstack endpoint create --region RegionOne \
placement public http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
placement admin http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
placement internal http://controller:8778
4.4 安装placement
[root@controller ~]# yum install openstack-placement-api -y
4.5 placement配置文件
[placement_database]
connection = mysql+pymysql://placement:123@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = 123
4.6 同步数据库
[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement
4.7 重启httpd服务
[root@controller ~]# systemctl restart httpd
4.8 验证服务
[root@controller ~]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+