/etc/hosts:
192.168.1.202 controller
Network Time Protocol (NTP)
yum install chrony
controller /etc/chrony.conf
server NTP_SERVER iburst
allow 192.168.1.0/24
systemctl enable chronyd.service
systemctl start chronyd.service
compute
server controller iburst
systemctl enable chronyd.service
systemctl start chronyd.service
1、OpenStack packages
http://docs.openstack.org/newton/install-guide-rdo/environment-packages.html
yum install -y centos-release-openstack-newton
yum upgrade
yum install -y python-openstackclient
yum install -y openstack-selinux
2、SQL database
http://docs.openstack.org/newton/install-guide-rdo/environment-sql-database.html
yum install -y mariadb mariadb-server python2-PyMySQL
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.1.202
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation
3、Message queue
http://docs.openstack.org/newton/install-guide-rdo/environment-messaging.html
yum install -y rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
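# 123456 is the sample password these notes reuse for every account; substitute a strong, unique password per service
rabbitmqctl add_user openstack 123456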
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
4、Memcached
http://docs.openstack.org/newton/install-guide-rdo/environment-memcached.html
yum install -y memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
Identity
Install and configure
mysql -u root -p
mysql> CREATE DATABASE keystone;
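mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY '123456';
Note: the 'keystone'@'%' grant accepts logins from any host; where only known nodes need database access, a narrower host pattern limits exposure.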
yum install -y openstack-keystone httpd mod_wsgi
vim /etc/keystone/keystone.conf
[database]
...
connection = mysql+pymysql://keystone:123456@controller/keystone

[token]
...
provider = fernet
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# keystone-manage bootstrap --bootstrap-password 123456 \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:35357/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
Configure the Apache HTTP server
vim /etc/httpd/conf/httpd.conf
ServerName controller
sed -i 's/#ServerName www.example.com:80/ServerName controller/g' /etc/httpd/conf/httpd.conf
Create a link to the /usr/share/keystone/wsgi-keystone.conf file:
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Finalize the installation
# systemctl enable httpd.service
# systemctl start httpd.service
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
Create a domain, projects, users, and roles
openstack project create --domain default \
  --description "Service Project" service
openstack project create --domain default \
  --description "Demo Project" demo
openstack user create --domain default \
  --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
Verify operation
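Edit the /etc/keystone/keystone-paste.ini file (vim /etc/keystone/keystone-paste.ini) and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections. This disables the temporary admin-token authentication mechanism.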
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue
Create OpenStack client environment scripts
vim admin-openrc
# This file holds the admin password in clear text; keep it readable only by its owner (e.g. chmod 600 admin-openrc).
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
. admin-openrc
openstack token issue
Image service
$ mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY '123456';
. admin-openrc
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292
Install and configure components
yum install -y openstack-glance
vim /etc/glance/glance-api.conf
[database]
...
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456

[paste_deploy]
...
flavor = keystone

[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
vi /etc/glance/glance-registry.conf
[database]
...
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456

[paste_deploy]
...
flavor = keystone
Populate the Image service database:
# su -s /bin/sh -c "glance-manage db_sync" glance
# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
. admin-openrc
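# The image is fetched over plain HTTP; check its checksum against the value published by the CirrOS project before uploading it.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
openstack image list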
Compute service
Install and configure controller node
mysql -u root -p
mysql> CREATE DATABASE nova_api;
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY '123456';
. admin-openrc
openstack user create --domain default \
  --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova \
  --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s
Install and configure components
yum install -y openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler
vim /etc/nova/nova.conf
[DEFAULT]
...
enabled_apis = osapi_compute,metadata

[api_database]
...
connection = mysql+pymysql://nova:123456@controller/nova_api

[database]
...
connection = mysql+pymysql://nova:123456@controller/nova

[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller

[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456

[DEFAULT]
...
# NOTE: 10.0.0.11 looks carried over from the upstream guide's example network; my_ip is presumably meant to be the controller's management address (192.168.1.202 in the /etc/hosts entry and the MariaDB bind-address used in these notes) - confirm before use.
my_ip = 10.0.0.11

[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
...
api_servers = http://controller:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
Finalize installation
# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service