1、节点信息

test-node1    10.90.2.1    控制节点

test-node2    10.90.2.10    计算节点


2、节点初始化

(1)同步时间
ntpdate pool.ntp.org && clock -w

(2)关闭防火墙selinux
systemctl stop firewalld.service 
systemctl disable firewalld.service
sed -i 's/enforcing/disabled/g' /etc/selinux/config
echo 0 > /sys/fs/selinux/enforce

(3)yum源配置
rpm -Uvh http://centos.ustc.edu.cn/epel/7/x86_64/e/epel-release-7-6.noarch.rpm 
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh https://repos.fedorapeople.org/repos/openstack/EOL/openstack-juno/rdo-release-juno-1.noarch.rpm 
sed -i -e 's/#baseurl/baseurl/' -e 's/mirrorlist/#mirrorlist/' -e 's/gpgcheck=1/gpgcheck=0/' epel.repo 
sed -i -e 's/#baseurl/baseurl/' -e 's/mirrorlist/#mirrorlist/' -e 's/gpgcheck=1/gpgcheck=0/' CentOS-Base.repo 
sed -i -e 's/#baseurl/baseurl/' -e 's/mirrorlist/#mirrorlist/' -e 's/gpgcheck = 1/gpgcheck = 0/' rpmforge.repo

3、rabbitmq和mysql安装配置

(1)安装基本软件
yum -y install vim-enhanced net-tools ntpdate wget lrzsy libvirt mariadb mariadb-server MySQL-python rabbitmq-server

(2)修改my.cnf配置文件
cat /etc/my.cnf
……
bind-address = 10.90.2.1 
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
……

(3)添加mysql开机启动
systemctl enable mariadb.service
systemctl start mariadb.service 

(4)mysql初始化
mysql_secure_installation

(5)添加rabbitmq开机启动
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

(6)创建数据库并授权
CREATE DATABASE nova;
CREATE DATABASE glance;
CREATE DATABASE keystone;
CREATE DATABASE neutron;
CREATE DATABASE cinder;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'Service123';
FLUSH PRIVILEGES;

4、Identity安装配置

(1)安装keystone
yum -y install openstack-keystone python-keystoneclient

(2)生成随机10字符
#openssl rand -hex 10
3189f74b3432bd24764f

(3)配置keystone.conf,添加token、数据库信息
/etc/keystone/keystone.conf
admin_token=3189f74b3432bd24764f
[database]
connection = mysql://keystone:[email protected]/keystone
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

(4)默认keystone使用PKI令牌,创建签名秘钥和证书
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl

(5)同步数据库,启动服务
keystone-manage db_sync
systemctl enable openstack-keystone.service
systemctl start openstack-keystone.service

(6)添加计划任务清理过期令牌
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
  >> /var/spool/cron/keystone
  
(7)用临时变量,创建admin token信息
export OS_SERVICE_TOKEN=3189f74b3432bd24764f
export OS_SERVICE_ENDPOINT=
 
keystone tenant-create --name admin --description "Admin Tenant"
keystone user-create --name admin --pass password
keystone role-create --name admin
keystone user-role-add --tenant admin --user admin --role admin
keystone role-create --name _member_
keystone user-role-add --tenant admin --user admin --role _member_
keystone tenant-create --name demo --description "Demo Tenant"
keystone user-create --name demo --pass password
keystone user-role-add --tenant demo --user demo --role _member_
keystone tenant-create --name service --description "Service Tenant"
keystone service-create --name keystone --type identity \
  --description "OpenStack Identity"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl http://10.90.2.1:5000/v2.0 \
  --internalurl http://10.90.2.1:5000/v2.0 \
  --adminurl http://10.90.2.1:35357/v2.0 \
  --region regionOne
  
(8)取消临时变量  
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

(9)创建admin信息文件admin_token
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL=
 
source admin_token

5、Glance

(1)安装glance软件
yum -y install python-keystoneclient openstack-glance python-glanceclient

(2)创建glance token信息
keystone user-create --name glance --pass Service123
keystone user-role-add --user glance --tenant service --role admin
keystone service-create --name glance --type image \
  --description "OpenStack Image Service"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ image / {print $2}') \
  --publicurl http://10.90.2.1:9292 \
  --internalurl http://10.90.2.1:9292 \
  --adminurl http://10.90.2.1:9292 \
  --region regionOne
  
(3)修改glance-api配置文件/etc/glance/glance-api.conf
[database]
connection = mysql://glance:[email protected]/glance
[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = glance
admin_password = Service123
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

(4)修改glance配置文件/etc/glance/glance-registry.conf
[database]
connection = mysql://glance:[email protected]/glance
[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = glance
admin_password = Service123
[paste_deploy]
flavor = keystone

(5)同步glance数据库并添加开机启动
glance-manage db_sync
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

注:启动api一直报错,添加日志权限启动正常
chown -R glance:glance /var/log/glance/api.log

(6)上传glance镜像测试
wget http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --is-public True --progress 
   
glance image-list查看添加镜像即可

6、Nova组件安装

(1)安装nova软件
yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

(2)创建nova token信息
keystone user-create --name nova --pass Service123
keystone user-role-add --user nova --tenant service --role admin
keystone service-create --name nova --type compute \
  --description "OpenStack Compute"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ compute / {print $2}') \
  --publicurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
  --internalurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
  --adminurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
  --region regionOne
  
(3)修改nova配置文件/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
my_ip = 10.90.2.1
vncserver_listen = 10.90.2.1
vncserver_proxyclient_address = 10.90.2.1
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[glance]
host = 10.90.2.1
[database]
connection = mysql://nova:[email protected]/nova
注意:此段需要自己手动添加
[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = nova
admin_password = Service123
[neutron]
url = http://10.90.2.1:9696
auth_strategy = keystone
admin_auth_url = http://10.90.2.1:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Service123
service_metadata_proxy = True

(4)同步数据库
nova-manage db sync

(5)添加nova开机启动
systemctl enable openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
  
(6)启动后查看服务,状态正常OK
nova-manage service list
Binary           Host                                 Zone             Status     State Updated_At
nova-conductor   test-node1                           internal         enabled    :-)   2015-10-21 04:33:25
nova-cert        test-node1                           internal         enabled    :-)   2015-10-21 04:33:25
nova-consoleauth test-node1                           internal         enabled    :-)   2015-10-21 04:33:25
nova-scheduler   test-node1                           internal         enabled    :-)   2015-10-21 04:33:25


7、Neutron

(1)安装基本软件
yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which openstack-neutron-linuxbridge

(2)创建neutron token信息
keystone user-create --name neutron --pass Service123
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network \
  --description "OpenStack Networking"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ network / {print $2}') \
  --publicurl http://10.90.2.1:9696 \
  --internalurl http://10.90.2.1:9696 \
  --adminurl http://10.90.2.1:9696 \
  --region regionOne
  
(3)查看记录SERVICE的TENANT_ID
keystone tenant-list | awk '/ service / {print $2}'
f6e348cdbd1842fc9aa45d81a564af27

(4)修改neutron配置文件/etc/neutron/neutron.conf
[database]
connection = mysql://neutron:[email protected]/neutron
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.90.2.1:8774/v2
nova_admin_auth_url = http://10.90.2.1:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = f6e348cdbd1842fc9aa45d81a564af27
nova_admin_password = Service123
[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = neutron
admin_password = Service123

(5)修改ml2配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat
tenant_network_types = flat
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = physnet1

(6)修改linuxbridge配置文件/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
[vlans]
network_vlan_ranges = physnet1
[linux_bridge]
physical_interface_mappings = physnet1:enp5s0f0
[securitygroup]
firewall_driver = neutron.agent.firewall.NoopFirewallDriver

(7)同步neutron数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
neutron-db-manage --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
 --config-file /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini upgrade juno
 
(8)重启nova相关服务,并添加neutron开机启动
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service
systemctl enable neutron-server.service
systemctl start neutron-server.service 

(9)测试neutron命令输出正常
neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| l3-ha                 | HA Router extension                           |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+

8、Horizon

(1)基本软件安装
yum -y install openstack-dashboard httpd mod_wsgi memcached python-memcached

(2)修改dashbord配置文件/etc/openstack-dashboard/local_settings
sed -i -e "s/ALLOWED_HOSTS = \['horizon.example.com', 'localhost'\]/ALLOWED_HOSTS = ['*']/" \
 -e 's/OPENSTACK_HOST = "127.0.0.1"/OPENSTACK_HOST = "10.90.2.1"/' /etc/openstack-dashboard/local_settings
 
(3)添加权限和开机启动
chown -R apache:apache /usr/share/openstack-dashboard/static
systemctl enable httpd.service memcached.service
systemctl start httpd.service memcached.service

(4)浏览器访问测试
http://10.90.2.1/dashboard

(5)创建外部网络
neutron net-create --tenant-id f6e348cdbd1842fc9aa45d81a564af27 ext-net \
 --provider:network_type flat \
 --provider:physical_network physnet1 \
 --router:external=True
 
(6)创建外部网络子网
neutron subnet-create --tenant-id f6e348cdbd1842fc9aa45d81a564af27 \
 --name ext-subnet --allocation-pool start=10.90.2.150,end=10.90.2.200 \
 --gateway 10.90.0.1 ext-net 10.90.2.0/16 --disable-dhcp

9、Cinder

(1)安装基本软件
yum -y install openstack-cinder python-cinderclient python-osl-db lvm2 targetcli

(2)创建cinder token信息
keystone user-create --name cinder --pass Service123
keystone user-role-add --user cinder --tenant service --role admin
keystone service-create --name cinder --type volume \
  --description "OpenStack Block Storage"
keystone service-create --name cinderv2 --type volumev2 \
  --description "OpenStack Block Storage"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ volume / {print $2}') \
  --publicurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
  --internalurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
  --adminurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
  --region regionOne
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ volumev2 / {print $2}') \
  --publicurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
  --internalurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
  --adminurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
  --region regionOne
  
(3)修改cinder配置文件/etc/cinder/cinder.conf  
[database]
connection = mysql://cinder:[email protected]/cinder
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
my_ip = 10.90.2.1 
iscsi_helper = lioadm
glance_host = 10.90.2.1
[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = cinder
admin_password = Service123 

(4)同步并启动cinder
cinder-manage db sync
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service 
  
(5)开机启动lvm2,创建cinder的PV 
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
  
partprobe  
pvcreate /dev/sda4 
  Physical volume "/dev/sda4" successfully created
vgcreate cinder-volumes /dev/sda4 
  Volume group "cinder-volumes" successfully created
  
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service  
  
(6)cinder创建10G卷
cinder create --display-name demo-volume1 10

10、添加计算节点

(1)安装基本软件
yum -y install ntp openstack-nova-compute sysfsutils libvirt-daemon-config-nwfilter openstack-neutron-ml2 openstack-neutron-linuxbridge
  
(2)修改nova配置文件/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
my_ip = 10.90.2.10
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.90.2.10
novncproxy_base_url = http://10.90.2.1:6080/vnc_auto.html
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = nova
admin_password = Service123

[glance]
host = 10.90.2.1
[libvirt]
virt_type = kvm

[neutron]
url = http://10.90.2.1:9696\n\
auth_strategy = keystone
admin_auth_url = http://10.90.2.1:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Service123

(3)修改neutron配置文件/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = neutron
admin_password = Service123

(4)修改ml2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat
tenant_network_types = flat
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = physnet1

(5)修改linuxbridge插件配置文件/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
[vlans]
network_vlan_ranges = physnet1 " 
[linux_bridge]
physical_interface_mappings = physnet1:em1
[securitygroup]
firewall_driver = neutron.agent.firewall.NoopFirewallDriver

(6)修改链接、添加开机自动启动
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /usr/lib/systemd/system/neutron-linuxbridge-agent.service \
  /usr/lib/systemd/system/neutron-linuxbridge-agent.service.orig
sed -i 's,plugins/linuxbridge/ovs_neutron_plugin.ini,plugin.ini,g' \
  /usr/lib/systemd/system/neutron-linuxbridge-agent.service
systemctl enable libvirtd.service openstack-nova-compute.service neutron-linuxbridge-agent
systemctl start libvirtd.service neutron-linuxbridge-agent openstack-nova-compute.service

(7)创建linux虚拟机,glance镜像制作
qemu-img create -f qcow2 Centos-6.6x64-disk.img 10G
virt-install -n CentOS-6.6x64 -r 4096 --vcpu 2 \
 -c /data/CentOS-6.6-x86_64-bin-DVD1.iso \
 --disk path=/data/image/Centos-6.6x64-disk.img,device=disk,bus=virtio,size=30,format=qcow2 \
 --vnc --vncport=5903 --vnclisten=10.90.2.10 -v

 device=磁盘设备类型,cdrom,disk,floppy
bus=磁盘总线类型,ide,scsi,usb,virtio,xen
size=存储大小
 
关闭删除CentOS-6.6x64
virsh shutdown CentOS-6.6x64
virsh undefine CentOS-6.6x64

上传镜像
glance image-create --name "Centos-6.6x64" --file Centos-6.6x64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress