/etc/hosts    192.168.1.202   controller

Network Time Protocol (NTP)

yum install chrony

controller /etc/chrony.conf

server NTP_SERVER iburst

allow 192.168.1.0/24

systemctl enable chronyd.service systemctl start chronyd.service

compute

server controller iburst

systemctl enable chronyd.service systemctl start chronyd.service

1、OpenStack packages

http://docs.openstack.org/newton/install-guide-rdo/environment-packages.html

yum install -y centos-release-openstack-newton

yum upgrade

yum install -y python-openstackclient

yum install -y openstack-selinux

2、SQL database

http://docs.openstack.org/newton/install-guide-rdo/environment-sql-database.html

yum install -y mariadb mariadb-server python2-PyMySQL

vim /etc/my.cnf.d/openstack.cnf

[mysqld] bind-address = 192.168.1.202

default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8

systemctl enable mariadb.service systemctl start mariadb.service

mysql_secure_installation

3、Message queue

http://docs.openstack.org/newton/install-guide-rdo/environment-messaging.html

yum install -y rabbitmq-server

systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service

rabbitmqctl add_user openstack 123456

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

4、Memcached

http://docs.openstack.org/newton/install-guide-rdo/environment-memcached.html

yum install -y memcached python-memcached

systemctl enable memcached.service systemctl start memcached.service

Identity

Install and configure

mysql -u root -p

mysql> CREATE DATABASE keystone;

mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \  IDENTIFIED BY '123456';mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \  IDENTIFIED BY '123456';

yum install -y openstack-keystone httpd mod_wsgi

vim /etc/keystone/keystone.conf 

[database]...connection = mysql+pymysql://keystone:123456@controller/keystone

[token]...provider = fernet

# su -s /bin/sh -c "keystone-manage db_sync" keystone

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# keystone-manage bootstrap --bootstrap-password 123456\  --bootstrap-admin-url http://controller:35357/v3/ \  --bootstrap-internal-url http://controller:35357/v3/ \  --bootstrap-public-url http://controller:5000/v3/ \  --bootstrap-region-id RegionOne

Configure the Apache HTTP server

vim  /etc/httpd/conf/httpd.conf

ServerName controller

sed -i ‘s/#ServerName www.example.com:80/ServerName controller/g‘ /etc/httpd/conf/httpd.conf 

  1. Create a link to the /usr/share/keystone/wsgi-keystone.conf file:

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Finalize the installation

# systemctl enable httpd.service# systemctl start httpd.service

export OS_USERNAME=adminexport OS_PASSWORD=123456export OS_PROJECT_NAME=adminexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_AUTH_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3

Create a domain, projects, users, and roles

openstack project create --domain default \  --description "Service Project" service

openstack project create --domain default \  --description "Demo Project" demo

openstack user create --domain default \  --password-prompt demo

openstack role create user

openstack role add --project demo --user demo user

Verify operation

vim /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api][pipeline:admin_api], and [pipeline:api_v3] sections.

unset OS_AUTH_URL OS_PASSWORD

openstack --os-auth-url http://controller:35357/v3 \  --os-project-domain-name Default --os-user-domain-name Default \  --os-project-name admin --os-username admin token issue

openstack --os-auth-url http://controller:5000/v3 \  --os-project-domain-name Default --os-user-domain-name Default \  --os-project-name demo --os-username demo token issue

Create OpenStack client environment scripts

vim admin-openrc 

export OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=123456export OS_AUTH_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2

vim demo-openrc 

export OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=demoexport OS_USERNAME=demoexport OS_PASSWORD=123456export OS_AUTH_URL=http://controller:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2

. admin-openrc

openstack token issue

Image service

$ mysql -u root -p

mysql> CREATE DATABASE glance;

mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \  IDENTIFIED BY '123456';mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \  IDENTIFIED BY '123456';

. admin-openrc

openstack user create --domain default --password-prompt glance

openstack role add --project service --user glance admin

openstack service create --name glance \  --description "OpenStack Image" p_w_picpath

openstack endpoint create --region RegionOne \  p_w_picpath public http://controller:9292

openstack endpoint create --region RegionOne \  p_w_picpath internal http://controller:9292

openstack endpoint create --region RegionOne \  p_w_picpath admin http://controller:9292

Install and configure components

yum install -y openstack-glance

vim /etc/glance/glance-api.conf

[database]...connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name = Defaultproject_name = serviceusername = glancepassword = 123456[paste_deploy]...flavor = keystone

[glance_store]...stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/p_w_picpaths/

vi /etc/glance/glance-registry.conf

[database]...connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name = Defaultproject_name = serviceusername = glancepassword = 123456[paste_deploy]...flavor = keystone

 

Populate the Image service database:

# su -s /bin/sh -c "glance-manage db_sync" glance

# systemctl enable openstack-glance-api.service \  openstack-glance-registry.service# systemctl start openstack-glance-api.service \  openstack-glance-registry.service

. admin-openrc

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

openstack p_w_picpath create "cirros" \  --file cirros-0.3.4-x86_64-disk.img \  --disk-format qcow2 --container-format bare \  --public

openstack p_w_picpath list

Compute service

Install and configure controller node

mysql -u root -p

mysql> CREATE DATABASE nova_api;mysql> CREATE DATABASE nova;

mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \  IDENTIFIED BY '123456';mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \  IDENTIFIED BY '123456';mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \  IDENTIFIED BY '123456';mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \  IDENTIFIED BY '123456';

. admin-openrc

openstack user create --domain default \  --password-prompt nova

openstack role add --project service --user nova admin

openstack service create --name nova \  --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne \  compute public http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \  compute internal http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \  compute admin http://controller:8774/v2.1/%\(tenant_id\)s

Install and configure components

yum install -y openstack-nova-api openstack-nova-conductor \  openstack-nova-console openstack-nova-novncproxy \  openstack-nova-scheduler

vim /etc/nova/nova.conf

[DEFAULT]...enabled_apis = osapi_compute,metadata

[api_database]...connection = mysql+pymysql://nova:123456@controller/nova_api[database]...connection = mysql+pymysql://nova:123456@controller/nova

[DEFAULT]...transport_url = rabbit://openstack:123456@controller

[DEFAULT]...auth_strategy = keystone[keystone_authtoken]...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name = Defaultproject_name = serviceusername = novapassword = 123456

[DEFAULT]...my_ip = 10.0.0.11

[DEFAULT]...use_neutron = Truefirewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]...vncserver_listen = $my_ipvncserver_proxyclient_address = $my_ip

[glance]...api_servers = http://controller:9292

[oslo_concurrency]...lock_path = /var/lib/nova/tmp

su -s /bin/sh -c "nova-manage api_db sync" nova

su -s /bin/sh -c "nova-manage db sync" nova

Finalize installation

# systemctl enable openstack-nova-api.service \  openstack-nova-consoleauth.service openstack-nova-scheduler.service \  openstack-nova-conductor.service openstack-nova-novncproxy.service# systemctl start openstack-nova-api.service \  openstack-nova-consoleauth.service openstack-nova-scheduler.service \  openstack-nova-conductor.service openstack-nova-novncproxy.service