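OpenStack Newton Installation

Installation environment

       CentOS 7

Single-node installation with a single network interface

Preparation

       Network configuration in NAT mode:

  1. Find the required network configuration parameters: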


[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno16777736
TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="eno16777736"
UUID="e52041f9-6cce-49f5-9f75-dced407765a4"
DEVICE="eno16777736"
ONBOOT="yes"
IPADDR=192.168.174.222
NETMASK=255.255.255.0
GATEWAY=192.168.174.2
PEERDNS="yes"
DNS1=8.8.8.8
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

Change the hostname:

[root@localhost ~]# hostnamectl set-hostname controller --static --transient

Edit the hosts file:

[root@controller ~]# vi /etc/hosts

192.168.174.222 controller

Install the NTP server

[root@controller ~]# yum install chrony

Start NTP

[root@controller ~]# systemctl enable chronyd.service

[root@controller ~]# systemctl start chronyd.service

Check NTP

[root@controller ~]# chronyc sources

The result is as shown in the figure:

Install the RDO repository:

[root@controller ~]# yum install centos-release-openstack-newton -y

[root@controller ~]# yum install https://rdoproject.org/repos/rdo-release.rpm -y

Perform the upgrade:

[root@controller ~]# yum upgrade

Install the OpenStack client:

[root@controller ~]# yum install python-openstackclient -y

[root@controller ~]# yum install openstack-selinux -y

Install the MySQL database:

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y

Configure MySQL in /etc/my.cnf.d/openstack.cnf

[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Finalize the installation: start the database service and configure it to start when the system boots:

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

Set the login password of the MySQL root user: root

[root@controller ~]# mysql_secure_installation

Install the message queue. Install the package:

[root@controller ~]# yum install rabbitmq-server -y

Start it:

[root@controller ~]# systemctl enable rabbitmq-server.service

[root@controller ~]# systemctl start rabbitmq-server.service

Create the user. Add the openstack user:

[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS

Set permissions. Permit configuration, write, and read access for the openstack user:

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Install memcached

[root@controller ~]# yum install memcached python-memcached -y

Enable start at boot:

[root@controller ~]# systemctl enable memcached.service

[root@controller ~]# systemctl start memcached.service

Install the Identity service: keystone

1. To create the database, complete the following actions:

[root@controller ~]# mysql -u root -proot

Create the keystone database:

MariaDB [(none)]> CREATE DATABASE keystone;

Grant proper access to the keystone database:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
    ->   IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    ->   IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

1. Run the following command to install the packages:

# yum install openstack-keystone httpd mod_wsgi

2. Edit the /etc/keystone/keystone.conf file and complete the following actions:

In the [database] section, configure database access:

[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

Replace KEYSTONE_DBPASS with the password you chose for the database.

In the [token] section, configure the Fernet token provider:

[token]
...
provider = fernet

3. Populate the Identity service database (synchronize the database):

# su -s /bin/sh -c "keystone-manage db_sync" keystone

4. Initialize Fernet key repositories:

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5. Bootstrap the Identity service:

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:35357/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

Replace ADMIN_PASS with a suitable password for an administrative user.

Configure the Apache HTTP server

  1. Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:

ServerName controller

  2. Create a link to the /usr/share/keystone/wsgi-keystone.conf file:

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

  3. Start the Apache HTTP service and configure it to start when the system boots:

# systemctl enable httpd.service
# systemctl start httpd.service

  4. Configure the administrative account.

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

Create a domain, projects, users, and roles

  1. This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project:

openstack project create --domain default \
  --description "Service Project" service

  2. Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the demo project and user.

Create the demo project:

openstack project create --domain default \
  --description "Demo Project" demo

Create the demo user:

openstack user create --domain default \
  --password-prompt demo

Password: demo

Create the user role:

openstack role create user

Add the user role to the demo project and user:

openstack role add --project demo --user demo user

 

Verify operation

1. For security reasons, disable the temporary authentication token mechanism:

Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.

2. Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variable:

unset OS_AUTH_URL OS_PASSWORD

3. As the admin user, request an authentication token:

$ openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
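
Step 1 above removes admin_token_auth from three pipelines by hand, and a missed section leaves the temporary token mechanism active. The following check is an added example, not part of the original guide: it lists every pipeline section that still loads the filter. The function names and the sample file content are constructed for illustration, and each pipeline is assumed to be written on a single line.

```shell
#!/bin/sh
# Added example: list the [pipeline:*] sections of a keystone-paste.ini
# that still load the admin_token_auth filter.

pipelines_with_admin_token() {
    awk '
        /^[ \t]*\[/ {                        # section header line
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            next
        }
        section ~ /^pipeline:/ && /^[ \t]*pipeline[ \t]*=/ {
            n = split($0, word, /[ \t=]+/)   # filter names are space separated
            for (i = 1; i <= n; i++)
                if (word[i] == "admin_token_auth") { print section; break }
        }
    ' "$1"
}

# Constructed sample file: public_api is already cleaned, the others are not.
write_sample_paste_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

sample=$(mktemp)
write_sample_paste_ini "$sample"
pipelines_with_admin_token "$sample"
rm -f "$sample"
```

On the real system, pass /etc/keystone/keystone-paste.ini as the argument; empty output means none of the pipelines references the filter any more.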

Creating the scripts

1. Edit the admin-openrc file and add the following content:

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Run it:

[root@controller ~]# . admin-openrc

[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

Using the scripts

1. Load the admin-openrc file to populate environment variables with the location of the Identity service and the admin project and user credentials:

$ . admin-openrc

2. Request an authentication token:

openstack token issue

Image service

1. To create the database, complete these steps:

Use the database access client to connect to the database server as the root user:

mysql -u root -p

Create the glance database:

mysql> CREATE DATABASE glance;

Grant proper access to the glance database:

mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';

  2. To create the service credentials, complete these steps:

$ openstack user create --domain default --password-prompt glance

Add the admin role to the glance user and service project:

openstack role add --project service --user glance admin

Create the glance service entity:

openstack service create --name glance \
  --description "OpenStack Image" image

Create the Image service API endpoints:

openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292

Install glance

# yum install openstack-glance -y

  1. Edit the /etc/glance/glance-api.conf file and complete the following actions:

In the [database] section, configure database access:

[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access:

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
 
[paste_deploy]
...
flavor = keystone

In the [glance_store] section, configure the local file system store and location of image files:

[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

  2. Edit the /etc/glance/glance-registry.conf file and complete the following actions:

In the [database] section, configure database access:

[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access:

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
 
[paste_deploy]
...
flavor = keystone

 

  3. Populate the Image service database:

# su -s /bin/sh -c "glance-manage db_sync" glance

Finalize installation

# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service

2. Download the source image:

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

3. Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so all projects can access it:

openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public

4. Confirm upload of the image and validate attributes:

openstack image list

 

Install nova

  1. To create the databases, complete these steps:

Use the database access client to connect to the database server as the root user:

mysql -u root -p

Create the nova_api and nova databases:

mysql> CREATE DATABASE nova_api;
mysql> CREATE DATABASE nova;

Grant proper access to the databases:

mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

 

  2. To create the service credentials, complete these steps:

Create the nova user:

openstack user create --domain default \
  --password-prompt nova

Password: nova

       Add the admin role to the nova user:

openstack role add --project service --user nova admin

       Create the nova service entity:

openstack service create --name nova \
  --description "OpenStack Compute" compute

  3. Create the Compute service API endpoints:

openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s

Install and configure components

1. Install and configure components

yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler

2. Edit the /etc/nova/nova.conf file and complete the following actions:

In the [DEFAULT] section, enable only the compute and metadata APIs:

[DEFAULT]
...
enabled_apis = osapi_compute,metadata

In the [api_database] and [database] sections, configure database access:

[api_database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

In the [DEFAULT] section, configure RabbitMQ message queue access:

[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

[DEFAULT]
...
auth_strategy = keystone
 
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

In the [DEFAULT] section, configure the my_ip option to use the management interface IP address of the controller node:

[DEFAULT]
...
my_ip = 192.168.174.222

In the [DEFAULT] section, enable support for the Networking service:

[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

In the [vnc] section, configure the VNC proxy to use the management interface IP address of the controller node:

[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

In the [glance] section, configure the location of the Image service API:

[glance]
...
api_servers = http://controller:9292

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

Populate the Compute databases:

# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova

Finalize installation

# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
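
The configuration snippets in this guide use placeholders such as RABBIT_PASS, NOVA_PASS and NOVA_DBPASS that are meant to be replaced with the chosen passwords. The following scan for placeholders left in place is an added example, not part of the original guide; the function names and the sample nova.conf content are constructed for illustration.

```shell
#!/bin/sh
# Added example: report configuration lines that still hold one of the
# guide's placeholder secrets (RABBIT_PASS, NOVA_DBPASS, ADMIN_PASS, ...).

# Prints "file:line:PLACEHOLDER" per hit. Only the placeholder name is
# printed, never the line, so real secrets do not leak into the report.
find_placeholder_secrets() {
    for f in "$@"; do
        awk -v file="$f" '
            /^[ \t]*[#;]/ { next }           # ignore commented-out settings
            {
                n = split($0, tok, /[^A-Za-z0-9_]+/)
                for (i = 1; i <= n; i++)
                    if (tok[i] ~ /^[A-Z][A-Z0-9_]*_(DB)?PASS$/)
                        print file ":" NR ":" tok[i]
            }
        ' "$f"
    done
}

# Constructed sample: a nova.conf where only the database password was set.
write_sample_nova_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[database]
connection = mysql+pymysql://nova:constructed-db-secret@controller/nova
[keystone_authtoken]
# password = NOVA_PASS
username = nova
password = NOVA_PASS
EOF
}

sample=$(mktemp)
write_sample_nova_conf "$sample"
find_placeholder_secrets "$sample"
rm -f "$sample"
```

The function accepts several files at once, so the keystone, glance and nova configuration files and admin-openrc can be checked in one call.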

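Install and configure a compute node

(Note: most of the settings required in the following file were already made in the previous steps; only the settings that have not been configured yet need to be added.)

yum install openstack-nova-compute

  1. Edit the /etc/nova/nova.conf file and complete the following actions:

In the [DEFAULT] section, enable only the compute and metadata APIs: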

[DEFAULT]
...
enabled_apis = osapi_compute,metadata

In the [DEFAULT] section, configure RabbitMQ message queue access:

[DEFAULT]
...
transport_url = rabbit://openstack:RABBIT_PASS@controller

In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

[DEFAULT]
...
auth_strategy = keystone
 
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

In the [DEFAULT] section, configure the my_ip option:

[DEFAULT]
...
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

In the [DEFAULT] section, enable support for the Networking service:

[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

In the [vnc] section, enable and configure remote console access:

[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

In the [glance] section, configure the location of the Image service API:

[glance]
...
api_servers = http://controller:9292

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

Finalize installation

  1. Determine whether your compute node supports hardware acceleration for virtual machines:

egrep -c '(vmx|svm)' /proc/cpuinfo

If this command returns a value of one or greater, your compute node supports hardware acceleration, which typically requires no additional configuration.

If this command returns a value of zero, your compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of KVM.

Output value greater than 2: configure libvirt as KVM.

Edit the [libvirt] section in the /etc/nova/nova.conf file as follows:

[libvirt]
...
virt_type = kvm

 

  2. Start the Compute service including its dependencies and configure them to start automatically when the system boots:

 systemctl enable libvirtd.service openstack-nova-compute.service
 systemctl start libvirtd.service openstack-nova-compute.service

 

  3. List service components to verify successful launch and registration of each process:

openstack compute service list