iaas的平台搭建

1.1安装CentOS7说明

【空白分区划分】
CentOS7的安装与CentOS6.5的安装有明显的区别。在CentOS7安装过程中,设置分区都需要一个挂载点,这样一来就无法创建两个空白的磁盘分区作为cinder服务和swift服务的存储磁盘了。
所以我们应该在系统安装过程中留下足够的磁盘大小,系统安装完成后,使用命令parted划分新分区,然后使用mkfs.xfs进行文件系统格式化,完成空白分区的划分。具体命令如下:
[root@compute ~]# parted /dev/md126
(parted) mkpart swift 702G 803G //创建swift分区,从702G到803G
[root@compute ~]# mkfs.xfs /dev/md126p5
1.2配置网络、主机名
修改和添加/etc/sysconfig/network-scripts/ifcfg-enp*(具体的网口)文件。
(1)controller节点
配置网络:
enp8s0: 192.168.100.10
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.10
PREFIX=24
GATEWAY=192.168.100.1

enp9s0: 192.168.200.10
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.10
PREFIX=24
配置主机名:
重启网卡命令 service network restart

hostnamectl set-hostname controller

按ctrl+d 退出 重新登陆
(2)compute 节点
配置网络:
enp8s0: 192.168.100.20
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.20
PREFIX=24
GATEWAY=192.168.100.1

enp9s0: 192.168.200.20
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.20
PREFIX=24

配置主机名:

hostnamectl set-hostname compute

按ctrl+d 退出 重新登陆

1.3配置yum源
#Controller和compute节点
(1)yum源备份
#mv /etc/yum.repos.d/* /opt/
(2)创建repo文件
【controller】
在/etc/yum.repos.d创建centos.repo源文件
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas-repo
gpgcheck=0
enabled=1

【compute】
在/etc/yum.repos.d创建centos.repo源文件
[centos]
name=centos
baseurl=ftp://192.168.100.10/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://192.168.100.10/iaas-repo
gpgcheck=0
enabled=1

(3)挂载iso文件
【挂载CentOS-7-x86_64-DVD-1511.iso】
[root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-1511.iso /mnt/
[root@controller ~]# mkdir /opt/centos
[root@controller ~]# cp -rvf /mnt/* /opt/centos/
[root@controller ~]# umount /mnt/

【挂载XianDian-IaaS-v2.0-1228.iso】
[root@controller ~]# mount -o loop XianDian-IaaS-v2.0-1228.iso /mnt/
[root@controller ~]# cp -rvf /mnt/* /opt/
[root@controller ~]# umount /mnt/

(4)搭建ftp服务器,开启并设置自启
[root@controller ~]# yum install vsftpd –y
[root@controller ~]# vi /etc/vsftpd/vsftpd.conf
添加anon_root=/opt/
保存退出

[root@controller ~]# systemctl start vsftpd
[root@controller ~]# systemctl enable vsftpd

(5)关闭防火墙并设置开机不自启
【controller/compute】
systemctl stop firewalld
systemctl disable firewalld

(6)清除缓存,验证yum源
【controller/compute】

yum clean all

yum list

1.4编辑环境变量

controller和compute节点

yum install iaas-xiandian -y

编辑文件/etc/xiandian/openrc.sh,此文件是安装过程中的各项参数,根据每项参数上一行的说明及服务器实际情况进行配置。
HOST_IP=192.168.100.10
HOST_NAME=controller
HOST_IP_NODE=192.168.100.20
HOST_NAME_NODE=compute
RABBIT_USER=openstack
RABBIT_PASS=000000
DB_PASS=000000
DOMAIN_NAME=demo(自定义)
ADMIN_PASS=000000
DEMO_PASS=000000
KEYSTONE_DBPASS=000000
GLANCE_DBPASS=000000
GLANCE_PASS=000000
NOVA_DBPASS=000000
NOVA_PASS=000000
NEUTRON_DBPASS=000000
NEUTRON_PASS=000000
METADATA_SECRET=000000
INTERFACE_NAME=enp9s0(外网网卡名)
CINDER_DBPASS=000000
CINDER_PASS=000000
TROVE_DBPASS=000000
TROVE_PASS=000000
BLOCK_DISK=md126p4(空白分区名)
SWIFT_PASS=000000
OBJECT_DISK=md126p5(空白分区名)
STORAGE_LOCAL_NET_IP=192.168.100.20
HEAT_DBPASS=000000
HEAT_PASS=000000
CEILOMETER_DBPASS=000000
CEILOMETER_PASS=000000
AODH_DBPASS=000000
AODH_PASS=000000

1.5通过脚本安装服务
1.6-1.9的基础配置操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:

Controller节点和Compute节点

执行脚本iaas-pre-host.sh进行安装

安装完成后同时重启

[root@controller ~]# reboot

1.6安装Openstack包

controller和compute节点

yum -y install openstack-utils openstack-selinux python-openstackclient

yum upgrade

1.7配置域名解析
修改/etc/hosts添加一下内容
(1)controller 节点
20.0.0.10 controller
20.0.0.20 compute
(2)compute 节点
20.0.0.10 controller
20.0.0.20 compute
1.8配置防火墙和Selinux
编辑selinux文件

vi /etc/selinux/config

SELINUX=permissive
关闭防火墙并设置开机不自启

systemctl stop firewalld.service

systemctl disable firewalld.service

yum remove -y NetworkManager firewalld

yum -y install iptables-services

systemctl enable iptables

systemctl restart iptables

iptables -F

iptables -X

iptables -X

service iptables save

1.9安装ntp服务
(1)controller和compute节点

yum -y install ntp

(2)配置controller节点
编辑/etc/ntp.conf文件
添加以下内容(删除默认sever规则)
server 127.127.1.0
fudge 127.127.1.0 stratum 10
启动ntp服务器

service ntpd start

chkconfig ntpd on

(3)配置compute节点

ntpdate controller

chkconfig ntpdate on

1.10通过脚本安装服务
1.11-1.14基础服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:

Controller节点

执行脚本iaas-install-mysql.sh进行安装

1.11安装Mysql数据库服务

yum install mysql mysql-server MySQL-python

修改 /etc/my.cnf文件[mysqld]中添加
max_connections=10000
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = ‘SET NAMES utf8’
character-set-server = utf8
启动服务
#systemctl enable mariadb.service
#systemctl start mariadb.service
配置Mysql
#mysql_secure_installation
修改/usr/lib/systemd/system/mariadb.service
[Service]
新添加两行如下参数:
LimitNOFILE=10000
LimitNPROC=10000
重新加载系统服务,并重启mariadb服务

systemctl daemon-reload

service mariadb restart

按enter确认后设置数据库root密码
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
(2)compute节点
#yum -y install MySQL-python
1.12安装Mongo数据库服务
#yum install -y mongodb-server mongodb
编辑 /etc/mongod.conf文件
删除bind_ip行
修改 smallfiles = true
#systemctl enable mongod.service
#systemctl start mongod.service
1.13安装RabbitMQ服务

yum install -y rabbitmq-server

systemctl enable rabbitmq-server.service
systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack 000000
rabbitmqctl set_permissions openstack “." ".” “.*”
1.14安装memcahce
#yum install memcached python-memcached
systemctl enable memcached.service
systemctl restart memcached.service
2 安装Keystone认证服务
#Controller
2.1 通过脚本安装keystone服务
2.2-2.9的认证服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:

Controller节点

执行脚本iaas-install-keystone.sh进行安装。

2.2安装keystone服务软件包
yum install -y openstack-keystone httpd mod_wsgi
2.3创建Keystone数据库

mysql –u root -p(此处数据库密码为之前安装Mysql设置的密码)

mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘localhost’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
mysql> exit
2.4配置数据库连接
#openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
2.5为keystone服务创建数据库表
#su -s /bin/sh -c “keystone-manage db_sync” keystone
2.6创建令牌
#ADMIN_TOKEN=$(openssl rand -hex 10)
#openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
#openstack-config --set /etc/keystone/keystone.conf token provider fernet
2.7创建签名密钥和证书
#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
修改/etc/httpd/conf/httpd.conf配置文件将ServerName www.example.com:80 替换为ServerName controller
创建/etc/httpd/conf.d/wsgi-keystone.conf文件,内容如下:
Listen 5000
Listen 35357


WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat “%{cu}t %M”
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined


    Require all granted


WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat “%{cu}t %M”
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined


    Require all granted

#systemctl enable httpd.service #systemctl start httpd.service 2.8定义用户、租户和角色 (1)设置环境变量 export OS_TOKEN=$ADMIN_TOKEN export OS_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 (2)创建keystone相关内容 openstack service create --name keystone --description "OpenStack Identity" identity openstack endpoint create --region RegionOne identity public http://controller:5000/v3 openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 openstack endpoint create --region RegionOne identity admin http://controller:35357/v3 openstack domain create --description "Default Domain" default openstack project create --domain default --description "Admin Project" admin openstack user create --domain default --password 000000 admin openstack role create admin openstack role add --project admin --user admin admin openstack project create --domain default --description "Service Project" service openstack project create --domain default --description "Demo Project" demo openstack user create --domain default --password 000000 demo openstack role create user openstack role add --project demo --user demo user (3)清除环境变量 #unset OS_TOKEN OS_URL 2.9创建admin-openrc.sh 创建admin环境变量admin-openrc.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=000000 export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 生效环境变量 #source admin-openrc.sh 3 安装Glance镜像服务 #Controller 3.1 通过脚本安装glance服务 3.2-3.9的镜像服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下: # Controller 节点 执行脚本iaas-install-glance.sh进行安装

3.2 安装Glance镜像服务软件包

yum install -y openstack-glance

3.3创建Glance数据库
#mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘localhost’ IDENTIFIED BY ‘GLANCE_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’ IDENTIFIED BY ‘GLANCE_DBPASS’;
3.4配置文件创建数据库连接

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

#openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
3.5为镜像服务创建数据库表

su -s /bin/sh -c “glance-manage db_sync” glance

3.6创建用户
openstack user create --domain default --password 000000 glance
openstack role add --project service --user glance admin
3.7配置镜像服务
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /usr/share/glance/glance-api-dist-paste.ini
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /usr/share/glance/glance-registry-dist-paste.ini
3.8创建Endpoint和API端点
openstack service create --name glance --description “OpenStack Image” image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
3.9启动服务
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
3.10上传镜像
首先下载(Wget)提供的系统镜像到本地,本次以上传CentOS6.5x86_64镜像为例。
可以安装Wget,从Ftp服务器上下载镜像到本地。

source admin-openrc.sh

glance image-create --name “CentOS7.0” --disk-format qcow2 --container-format bare --progress < /opt/images/centos_7-x86_64_xiandian.qcow2

4 安装Nova计算服务
#Controller
4.1通过脚本安装nova服务
4.2-4.14计算服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-nova-controller.sh进行安装
#Compute节点
执行脚本iaas-install-nova-compute.sh进行安装

4.2安装Nova 计算服务软件包

yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

4.3创建Nova数据库

mysql -u root -p

mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’%’ IDENTIFIED BY ‘NOVA_DBPASS’;
mysql> create database IF NOT EXISTS nova_api;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’ ;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@’%’ IDENTIFIED BY ‘NOVA_DBPASS’ ;
修改数据库连接
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
4.4创建计算服务表
su -s /bin/sh -c “nova-manage db sync” nova
su -s /bin/sh -c “nova-manage api_db sync” nova
4.5创建用户
openstack user create --domain default --password 000000 nova
openstack role add --project service --user nova admin
4.6配置计算服务
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.10
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen_port 8775
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 20.0.0.10
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 20.0.0.10
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
4.7创建Endpoint和API端点
openstack service create --name nova --description “OpenStack Compute” compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%(tenant_id)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%(tenant_id)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%(tenant_id)s
4.8启动服务
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
4.9验证Nova
#nova image-list

#Compute
4.10安装Nova计算服务软件包
yum install lvm2 -y
yum install openstack-nova-compute -y
4.11配置Nova服务
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.20
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 20.0.0.20
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://20.0.0.10:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf libvirt inject_key True
4.12检查系统处理器是否支持虚拟机的硬件加速
执行命令
#egrep -c ‘(vmx|svm)’ /proc/cpuinfo
(1)如果该命令返回一个1或更大的值,说明你的系统支持硬件加速,通常不需要额外的配置。
(2)如果这个指令返回一个0值,说明你的系统不支持硬件加速,你必须配置libvirt取代KVM来使用QEMU。

openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu

4.13启动
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
4.14 清除防火墙
controller和compute节点
iptables -F
iptables -X
iptables -Z
/usr/libexec/iptables/iptables.init save
5 安装Neutron网络服务
#Controller节点
5.1通过脚本安装neutron服务
5.3-5.14网络服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-neutron-controller.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute.sh进行安装

5.2通过脚本创建neutron网络
5.15网络服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:

创建flat网络
#Controller节点
执行脚本iaas-install-neutron-controller-flat.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-flat.sh进行安装

创建gre网络
#Controller节点
执行脚本iaas-install-neutron-controller-gre.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-gre.sh进行安装

创建vlan网络
#Controller节点
执行脚本iaas-install-neutron-controller-vlan.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-vlan.sh进行安装

5.3创建Neutron数据库
#mysql -u root -p
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@’%’ IDENTIFIED BY ‘000000’;
5.4创建用户
openstack user create --domain default --password 000000 neutron
openstack role add --project service --user neutron admin
5.5创建Endpoint和API端点
openstack service create --name neutron --description “OpenStack Networking” network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
5.6安装neutron网络服务软件包

yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables openstack-neutron-openvswitch

5.7配置Neutron服务
openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:000000@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,gre,vxlan,local
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs integration_bridge br-int
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 20.0.0.10
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 000000
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_port 8775
openstack-config --set /etc/nova/nova.conf DEFAULT auto_assign_floating_ip True
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen_port 8775
openstack-config --set /etc/nova/nova.conf DEFAULT scheduler_default_filters ‘AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter’
openstack-config --set /etc/nova/nova.conf DEFAULT compute_driver libvirt.LibvirtDriver
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 20.0.0.10
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 000000
5.8 编辑内核
编辑文件/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
生效配置
sysctl –p
5.9 创建数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c “neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head” neutron
5.10 启动服务和创建网桥
systemctl restart openvswitch
systemctl enable openvswitch
ovs-vsctl add-br br-int
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-openvswitch-agent neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service

#Compute节点
5.11 安装软件包
yum install openstack-neutron-linuxbridge ebtables ipset openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch –y
5.12 配置Neutron服务
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,gre,vxlan,local
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs integration_bridge br-int
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 000000
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT vif_plugging_is_fatal True
openstack-config --set /etc/nova/nova.conf DEFAULT vif_plugging_timeout 300
5.13 编辑内核
编辑文件/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
生效配置
sysctl –p
5.14 启动服务进而创建网桥
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
systemctl restart openvswitch
systemctl enable openvswitch
ovs-vsctl add-br br-int
systemctl restart openstack-nova-compute.service
systemctl restart openstack-nova-compute neutron-metadata-agent
systemctl restart neutron-openvswitch-agent
systemctl enable neutron-openvswitch-agent neutron-metadata-agent
5.15 选择Neutron网络模式
以下任意选择一种方式进行安装
5.15.1 Flat
#Controller节点
# source /etc/xiandian/openrc.sh

source /etc/keystone/admin-openrc.sh

ovs-vsctl add-br br-ex

修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下:
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令

ovs-vsctl add-port br-ex enp9s0

systemctl restart network

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types flat

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex

systemctl restart neutron-openvswitch-agent

#Compute节点

ovs-vsctl add-br br-ex

修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下:
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令

ovs-vsctl add-port br-ex enp9s0

systemctl restart network

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types flat

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex

systemctl restart neutron-openvswitch-agent

创建FLAT网络

Controller节点

tenantID=openstack project list | grep service | awk '{print $2}'
neutron net-create --tenant-id KaTeX parse error: Expected 'EOF', got '#' at position 108: …t1 5.15.2 Gre #̲Controller节点 op…minvlan:KaTeX parse error: Expected 'EOF', got '#' at position 655: …tron-l3-agent #̲Compute节点 opens…minvlan:$maxvlan(最小vlan号:最大vlanID号)
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-ex
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex
ovs-vsctl add-br br-ex
修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下:
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令
ovs-vsctl add-port br-ex enp9s0
systemctl restart network
systemctl restart neutron-openvswitch-agent
创建Vlan网络

Controller节点

neutron net-create ext-net --router:external True --provider:physical_network physnet1 --provider:network_type flat
neutron net-create demo-net --tenant-id openstack project list |grep -w admin |awk '{print $2}' --provider:network_type vlan
6 安装Dashboard服务
6.1通过脚本安装dashboard服务
6.2-6.4dashboard的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller
执行脚本iaas-install-dashboard.sh进行安装

6.2安装Dashboard服务软件包

yum install openstack-dashboard –y

6.3配置
修改/etc/openstack-dashboard/local_settings内容如下
修改
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
TEMPLATE_DEBUG = DEBUG
WEBROOT = ‘/dashboard/’
ALLOWED_HOSTS = [’’,‘localhost’]
OPENSTACK_API_VERSIONS = {
“identity”: 3,
“volume”: 2,
“compute”: 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = ‘default’
LOCAL_PATH = ‘/tmp’
SECRET_KEY=‘e2cf67af77d15971b311’
SESSION_ENGINE = ‘django.contrib.sessions.backends.cache’
CACHES = {
‘default’: {
‘BACKEND’: ‘django.core.cache.backends.memcached.MemcachedCache’,
‘LOCATION’: ‘127.0.0.1:11211’,
},
}
EMAIL_BACKEND = ‘django.core.mail.backends.console.EmailBackend’
OPENSTACK_HOST = “controller”
OPENSTACK_KEYSTONE_URL = “http://%s:5000/v3” % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = “user”
OPENSTACK_KEYSTONE_BACKEND = {
‘name’: ‘native’,
‘can_edit_user’: True,
‘can_edit_group’: True,
‘can_edit_project’: True,
‘can_edit_domain’: True,
‘can_edit_role’: True,
}
OPENSTACK_HYPERVISOR_FEATURES = {
‘can_set_mount_point’: False,
‘can_set_password’: False,
‘requires_keypair’: False,
}
OPENSTACK_CINDER_FEATURES = {
‘enable_backup’: False,
}
OPENSTACK_NEUTRON_NETWORK = {
‘enable_router’: True,
‘enable_quotas’: True,
‘enable_ipv6’: True,
‘enable_distributed_router’: False,
‘enable_ha_router’: False,
‘enable_lb’: True,
‘enable_firewall’: True,
‘enable_’: True,
‘enable_fip_topology_check’: True,
‘default_ipv4_subnet_pool_label’: None,
‘default_ipv6_subnet_pool_label’: None,
‘profile_support’: None,
‘supported_provider_types’: [’
’],
‘supported_vnic_types’: [’*’],
}
OPENSTACK_HEAT_STACK = {
‘enable_user_pass’: True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {
“architecture”: _(“Architecture”),
“kernel_id”: _(“Kernel ID”),
“ramdisk_id”: _(“Ramdisk ID”),
“image_state”: _(“Euca2ools state”),
“project_id”: _(“Project ID”),
“image_type”: _(“Image Type”),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = “UTC”
POLICY_FILES_PATH = ‘/etc/openstack-dashboard’
LOGGING = {

}
SECURITY_GROUP_RULES = {

}
REST_API_REQUIRED_SETTINGS = [‘OPENSTACK_HYPERVISOR_FEATURES’,
‘LAUNCH_INSTANCE_DEFAULTS’]
6.4启动服务

systemctl restart httpd.service memcached.service

6.5访问
打开浏览器访问Dashboard
http://controller(或本机内网ip)/dashboard
注:检查防火墙规则,确保允许http服务相关端口通行,或者关闭防火墙。

6.6创建云主机(gre/vlan)
(1)管理员 → 网络 → 创建网络(内外网) → 创建子网(外网填服务器的外网网段)

(2)项目 → 网络 → 路由 → 新建路由 → 添加网关和内网接口

(3)项目 → 计算 → 访问安全 → 管理规则 → 添加规则(ICMP、TCP、UDP)

(4)项目 → 计算 → 云主机 → 创建云主机 → 绑定浮动IP

7 安装Cinder块存储服务
7.1 通过脚本安装Cinder服务
7.2-7.13块存储服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller
执行脚本iaas-install-cinder-controller.sh进行安装
#Compute节点
执行脚本iaas-install-cinder-compute.sh进行安装

7.2 安装Cinder块存储服务软件包

yum install openstack-cinder

修改权限配置文件,修改文件/etc/cinder/policy.json,将consistencygroup权限修改为空,修改如下:
“consistencygroup:create” : “”,
“consistencygroup:delete”: “”,
“consistencygroup:update”: “”,
“consistencygroup:get”: “”,
“consistencygroup:get_all”: “”,
“consistencygroup:create_cgsnapshot” : “”,
“consistencygroup:delete_cgsnapshot”: “”,
“consistencygroup:get_cgsnapshot”: “”,
“consistencygroup:get_all_cgsnapshots”: “”,
7.3 创建数据库

mysql -u root -p

mysql> CREATE DATABASE cinder;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@’%’ IDENTIFIED BY ‘000000’;
7.4 创建用户
openstack user create --domain default --password 000000 cinder
openstack role add --project service --user cinder admin
7.5 创建Endpoint和API端点
openstack service create --name cinder --description “OpenStack Block Storage” volume
openstack service create --name cinderv2 --description “OpenStack Block Storage” volumev2
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%(tenant_id)s
7.6 配置Cinder服务
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:000000@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 20.0.0.10
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
7.7 创建数据库

su -s /bin/sh -c “cinder-manage db sync” cinder

7.8 启动服务

systemctl restart openstack-nova-api.service

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service

systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service

7.9 安装块存储软件
yum install lvm2 targetcli python-keystone openstack-cinder -y
7.10 创建LVM物理和逻辑卷
以磁盘/dev/sda为例

pvcreate /dev/sda

vgcreate cinder-volumes /dev/sda

7.11 修改Cinder配置文件
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:000000@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 20.0.0.20
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
7.12 重启服务
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service
7.13 验证
#Controller
使用cinder create 创建一个新的卷

cinder create --display-name myVolume 1

通过cinder list 命令查看是否正确创建

cinder list

8 安装Swift对象存储服务
#Controller节点

source admin-openrc.sh

8.1通过脚本安装Swift服务
8.2-8.12对象存储服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller
执行脚本iaas-install-swift-controller.sh进行安装
#Compute节点
执行脚本iaas-install-swift-compute.sh进行安装
执行过程中需要确认登录controller节点和输入controller节点root用户密码。
8.2创建用户
openstack user create --domain default --password 000000 swift
openstack role add --project service --user swift admin
8.3创建Endpoint和API端点
openstack service create --name swift --description “OpenStack Object Storage” object-store
openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%(tenant_id)s
openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%(tenant_id)s
openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1
8.4 编辑/etc/swift/proxy-server.conf
编辑配置文件如下
[DEFAULT]
bind_port = 8080
swift_dir = /etc/swift
user = swift
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_test5_tester5 = testing5 service
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 000000
delay_auth_decision = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
memcache_servers = controller:11211
use = egg:swift#memcache
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:domain_remap]
use = egg:swift#domain_remap
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
use = egg:swift#cname_lookup
[filter:staticweb]
use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
[filter:formpost]
use = egg:swift#formpost
[filter:name_check]
use = egg:swift#name_check
[filter:list-endpoints]
use = egg:swift#list_endpoints
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:container_sync]
use = egg:swift#container_sync
[filter:xprofile]
use = egg:swift#xprofile
[filter:versioned_writes]
use = egg:swift#versioned_writes
8.5 创建账号、容器、对象
存储节点存储磁盘名称以sdb为例
swift-ring-builder account.builder create 18 1 1
swift-ring-builder account.builder add --region 1 --zone 1 --ip 20.0.0.20 --port 6002 --device sdb --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder create 10 1 1
swift-ring-builder container.builder add --region 1 --zone 1 --ip 20.0.0.20 --port 6001 --device sdb --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder create 10 1 1
swift-ring-builder object.builder add --region 1 --zone 1 --ip 20.0.0.20 --port 6000 --device sdb --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance
8.6 编辑/etc/swift/swift.conf文件
编辑如下
[swift-hash]
swift_hash_path_suffix = changeme
swift_hash_path_prefix = changeme
[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange
[swift-constraints]
8.7 启动服务和赋予权限
chown -R root:swift /etc/swift
systemctl enable openstack-swift-proxy.service memcached.service
systemctl restart openstack-swift-proxy.service memcached.service
#Compute节点
8.8 安装软件包
存储节点存储磁盘名称以sdb为例

yum install xfsprogs rsync openstack-swift-account openstack-swift-container openstack-swift-object –y

mkfs.xfs -i size=1024 -f /dev/sdb

echo “/dev/sdb /swift/node xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0” >> /etc/fstab

mkdir -p /swift/node

mount /dev/sdb /swift/node

scp controller:/etc/swift/*.ring.gz /etc/swift/

8.9 配置rsync
(1)编辑/etc/rsyncd.conf文件如下
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
uid = swift
gid = swift
address = 127.0.0.1
[account]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/account.lock
[container]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/container.lock
[object]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/object.lock
[swift_server]
path = /etc/swift
read only = true
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 5
lock file = /var/lock/swift_server.lock
(2)启动服务
systemctl enable rsyncd.service
systemctl restart rsyncd.service
8.10 配置账号、容器和对象
(1)修改/etc/swift/account-server.conf配置文件
[DEFAULT]
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon account-server
[app:account-server]
use = egg:swift#account
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[account-replicator]
[account-auditor]
[account-reaper]
[filter:xprofile]
use = egg:swift#xprofile
(2)修改/etc/swift/container-server.conf配置文件
[DEFAULT]
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon container-server
[app:container-server]
use = egg:swift#container
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
[filter:xprofile]
use = egg:swift#xprofile
(3)修改/etc/swift/object-server.conf配置文件
[DEFAULT]
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon object-server
[app:object-server]
use = egg:swift#object
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
[object-replicator]
[object-reconstructor]
[object-updater]
[object-auditor]
[filter:xprofile]
use = egg:swift#xprofile
8.11 修改Swift配置文件
修改/etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = changeme
swift_hash_path_prefix = changeme
[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange
[swift-constraints]
8.12 重启服务和赋予权限
chown -R swift:swift /swift/node
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift
chown -R root:swift /etc/swift

systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl restart openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service
systemctl restart openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service
systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service
systemctl restart openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service
9 安装Trove服务
9.1 执行脚本进行安装
9.2-9.11编配服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-trove.sh进行安装
需注意安装Trove服务之前需要配置好网络(flat或gre),创建好子网,并确认系统已经安装swift和cinder两个服务,否则安装会失败。
9.2 安装Trove数据库服务的软件包

yum install openstack-trove-guestagent openstack-trove python-troveclient openstack-trove-ui –y

9.3 创建数据库

mysql -u root -p

mysql> CREATE DATABASE trove;
mysql> GRANT ALL PRIVILEGES ON trove.* TO trove@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON trove.* TO trove@’%’ IDENTIFIED BY ‘000000’;
9.4 创建用户

openstack user create --domain $DOMAIN_NAME --password 000000 trove

openstack role add --project service --user trove admin

openstack service create --name trove --description “Database” database

9.5 创建Endpoint和API端点

openstack endpoint create --region RegionOne database public http:// controller:8779/v1.0/%(tenant_id)s

openstack endpoint create --region RegionOne database internal http:// controller:8779/v1.0/%(tenant_id)s

openstack endpoint create --region RegionOne database admin http:// controller:8779/v1.0/%(tenant_id)s

9.6 配置trove.conf文件
openstack-config --set /etc/trove/trove.conf DEFAULT log_dir /var/log/trove
openstack-config --set /etc/trove/trove.conf DEFAULT log_file trove-api.log
openstack-config --set /etc/trove/trove.conf DEFAULT trove_auth_url http://controller:35357/v2.0
openstack-config --set /etc/trove/trove.conf DEFAULT notifier_queue_hostname controller
openstack-config --set /etc/trove/trove.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config --set /etc/trove/trove.conf DEFAULT nova_proxy_admin_tenant_name admin
openstack-config --set /etc/trove/trove.conf DEFAULT nova_compute_service_type compute
openstack-config --set /etc/trove/trove.conf DEFAULT cinder_service_type volumev2
openstack-config --set /etc/trove/trove.conf DEFAULT network_driver trove.network.neutron.NeutronDriver
openstack-config --set /etc/trove/trove.conf DEFAULT default_neutron_networks (网络的ID)
openstack-config --set /etc/trove/trove.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/trove/trove.conf DEFAULT add_addresses True
openstack-config --set /etc/trove/trove.conf DEFAULT network_label_regex .*
openstack-config --set /etc/trove/trove.conf DEFAULT api_paste_config api-paste.ini
openstack-config --set /etc/trove/trove.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/trove/trove.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/trove/trove.conf database connection mysql://trove:000000@controller/trove
openstack-config --set /etc/trove/trove.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/trove/trove.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/trove/trove.conf keystone_authtoken auth_type password
openstack-config --set /etc/trove/trove.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/trove/trove.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/trove/trove.conf keystone_authtoken project_name service
openstack-config --set /etc/trove/trove.conf keystone_authtoken username trove
openstack-config --set /etc/trove/trove.conf keystone_authtoken password 000000
9.7 配置trove-taskmanager.conf
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT log_dir /var/log/trove
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT log_file trove-taskmanager.log
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT trove_auth_url http://controller:5000/v2.0
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT nova_compute_url http://controller:8774/v2.1
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT notifier_queue_hostname controller
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config crudini --set /etc/trove/trove-taskmanager.conf DEFAULT nova_proxy_admin_tenant_id $(openstack project list |grep -w ‘admin’ |awk ‘{print $2}’)
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT notification_driver messagingv2
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT network_driver trove.network.neutron.NeutronDriver
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT default_neutron_networks (网络ID)
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT network_label_regex .*
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT guest_config /etc/trove/trove-guestagent.conf
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT guest_info guest_info.conf
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT injected_config_location /etc/trove/conf.d
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT cloudinit_location /etc/trove/cloudinit
sed -i ‘/exists_notification/s//#/’ /etc/trove/trove-taskmanager.conf
openstack-config --set /etc/trove/trove-taskmanager.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/trove/trove-taskmanager.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove-taskmanager.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/trove/trove-taskmanager.conf database connection mysql://trove:000000@controller/trove
9.8 配置trove-conductor.conf文件
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT log_dir /var/log/trove
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT log_file trove-conductor.log
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT trove_auth_url http://controller:5000/v2.0
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT notifier_queue_hostname controller
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT nova_proxy_admin_tenant_name admin
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove-conductor.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/trove/trove-conductor.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove-conductor.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/trove/trove-conductor.conf database connection mysql://trove:000000@controller/trove
9.9 配置trove-guestagent.conf文件
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_tenant_id $(openstack project list |grep -w ‘admin’ |awk ‘{print $2}’)
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT trove_auth_url http://192.168.100.10:35357/v2.0
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT swift_url http://192.168.100.10:8080/v1/AUTH_
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT os_region_name RegionOne
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT swift_service_type object-store
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT log_file trove-guestagent.log
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_password 000000
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_host 192.168.100.10
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_userid openstack
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_port 5672
openstack-config --set /etc/trove/trove-guestagent.conf oslo_messaging_rabbit rabbit_host 192.168.100.10
openstack-config --set /etc/trove/trove-guestagent.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove-guestagent.conf oslo_messaging_rabbit rabbit_password 000000
9.10 同步数据库

su -s /bin/sh -c “trove-manage db_sync” trove

9.11 启动服务

service httpd restart

systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service openstack-trove-conductor.service

systemctl restart openstack-trove-api.service openstack-trove-taskmanager.service openstack-trove-conductor.service

9.12 上传镜像
将提供的MySQL_5.6_xiandian.qcow2 上传到系统内

glance image-create --name “mysql-5.6” --disk-format qcow2 --container-format bare --progress < MySQL_5.6_XD.qcow2

9.13 创建数据库存储

trove-manage datastore_update mysql ‘’

9.14 使用上传的镜像更新数据库

glance_id=$(glance image-list | awk ‘/ mysql-5.6 / { print $2 }’)

trove-manage datastore_version_update mysql mysql-5.6 mysql ${glance_id} ‘’ 1

9.15 启动数据库实例
使用m1.small类型启动名称为mysql-1、大小为5G、创建数据库名称为myDB,用户为user,密码为r00tme,创建过程一般需要3-4分钟。

FLAVOR_ID=$(openstack flavor list | awk ‘/ m1.small / { print $2 }’)

trove create mysql-1 ${FLAVOR_ID} --size 5 --databases myDB --users user:r00tme --datastore_version mysql-5.6 --datastore mysql

创建完成后查询trove列表
[root@controller ~]# trove list
±-------------------------------------±--------±----------±------------------±-------±----------±-----+
| ID | Name | Datastore | Datastore Version | Status | Flavor ID | Size |
±-------------------------------------±--------±----------±------------------±-------±----------±-----+
| b9c9208d-5bca-434a-b258-127ff8496c5e | mysql-1 | mysql | mysql-5.6 | ACTIVE | 2 | 5 |
±-------------------------------------±--------±----------±------------------±-------±----------±-----+
trove数据库网页访问数据库备份模块可能会出现异常,可以通过命令行完成相关操作。
10 安装Heat编配服务

Controller节点

10.1通过脚本安装heat服务
10.2-10.8编配服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-heat.sh进行安装

10.2安装heat编配服务软件包

yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine –y

10.3创建数据库

mysql -u root -p

mysql> CREATE DATABASE heat;
mysql> GRANT ALL PRIVILEGES ON heat.* TO ‘heat’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON heat.* TO ‘heat’@’%’ IDENTIFIED BY ‘000000’;
10.4创建用户
openstack user create --domain default --password 000000 heat
openstack role add --project service --user heat admin
openstack domain create --description “Stack projects and users” heat
openstack user create --domain heat --password 000000 heat_domain_admin
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
openstack role create heat_stack_owner
openstack role add --project demo --user demo heat_stack_owner
openstack role create heat_stack_user
10.5创建Endpoint和API端点
openstack service create --name heat --description “Orchestration” orchestration
openstack service create --name heat-cfn --description “Orchestration” cloudformation
openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%(tenant_id)s
openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%(tenant_id)s
openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%(tenant_id)s
openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1
openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1
openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1
10.6配置Heat服务
openstack-config --set /etc/heat/heat.conf database connection mysql+pymysql://heat:000000@controller/heat
openstack-config --set /etc/heat/heat.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/heat/heat.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/heat/heat.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/heat/heat.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/heat/heat.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/heat/heat.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_type password
openstack-config --set /etc/heat/heat.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/heat/heat.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/heat/heat.conf keystone_authtoken project_name service
openstack-config --set /etc/heat/heat.conf keystone_authtoken username heat
openstack-config --set /etc/heat/heat.conf keystone_authtoken password 000000
openstack-config --set /etc/heat/heat.conf trustee auth_plugin password
openstack-config --set /etc/heat/heat.conf trustee auth_url http://controller:35357
openstack-config --set /etc/heat/heat.conf trustee username heat
openstack-config --set /etc/heat/heat.conf trustee password 000000
openstack-config --set /etc/heat/heat.conf trustee user_domain_name default
openstack-config --set /etc/heat/heat.conf clients_keystone auth_uri http://controller:35357
openstack-config --set /etc/heat/heat.conf trustee ec2authtoken auth_uri http://controller:5000
openstack-config --set /etc/heat/heat.conf DEFAULT heat_metadata_server_url http://controller:8000
openstack-config --set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url http://controller:8000/v1/waitcondition
openstack-config --set /etc/heat/heat.conf DEFAULT stack_domain_admin heat_domain_admin
openstack-config --set /etc/heat/heat.conf DEFAULT stack_domain_admin_password 000000
openstack-config --set /etc/heat/heat.conf DEFAULT stack_user_domain_name heat
10.7创建数据库
su -s /bin/sh -c “heat-manage db_sync” heat
10.8启动服务
systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
systemctl restart openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
11 安装Ceilometer监控服务
11.1通过脚本安装Ceilometer服务
11.2-11.10ceilometer监控服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-ceilometer-controller.sh进行安装
#Compute节点
执行脚本iaas-install-ceilometer-compute.sh进行安装

11.2 安装Ceilometer监控服务软件包

yum install -y openstack-ceilometer-api openstack-ceilometer-collector openstack-ceilometer-notification openstack-ceilometer-central python-ceilometerclient python-ceilometermiddleware

11.3 创建数据库
数据库启动之后需要等待几秒后开始创建,否则会出现报错。

mongo --host controller --eval ’ db = db.getSiblingDB(“ceilometer”); db.addUser({user: “ceilometer”, pwd: “000000”, roles: [ “readWrite”, “dbAdmin” ]})’

11.4 创建用户

openstack user create --domain default --password 000000 ceilometer

openstack role add --project service --user ceilometer admin

openstack role create ResellerAdmin

openstack role add --project service --user ceilometer ResellerAdmin

11.5 创建Endpoint和API端点

openstack service create --name ceilometer --description “Telemetry” metering

openstack endpoint create --region RegionOne metering public http://controller:8777

openstack endpoint create --region RegionOne metering internal http://controller:8777

openstack endpoint create --region RegionOne metering admin http://controller:8777

11.6 配置Ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf database connection mongodb://ceilometer:000000@controller:27017/ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_host controller

openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_userid openstack

openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken memcached_servers controller:11211

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_type password

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken user_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_name service

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken username ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_type password

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_url http://controller:5000/v3

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials user_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_name service

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials username ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials interface internalURL

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials region_name RegionOne

11.7 启动服务
systemctl enable openstack-ceilometer-api.service openstack-ceilometer-notification.service openstack-ceilometer-central.service openstack-ceilometer-collector.service
systemctl restart openstack-ceilometer-api.service openstack-ceilometer-notification.service openstack-ceilometer-central.service openstack-ceilometer-collector.service
11.8 监控组件
openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_notifications driver messagingv2
openstack-config --set /etc/glance/glance-registry.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_notifications driver messagingv2
systemctl restart openstack-glance-api.service openstack-glance-registry.service
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_notifications driver messagingv2
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service
openstack-config --set /etc/swift/proxy-server.conf filter:keystoneauth operator_roles “admin, user, ResellerAdmin”
openstack-config --set /etc/swift/proxy-server.conf pipeline:main pipeline “ceilometer catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server”
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer paste.filter_factory ceilometermiddleware.swift:filter_factory
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer url rabbit://openstack:000000@controller:5672/
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer driver messagingv2
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer topic notifications
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer log_level WARN
systemctl restart openstack-swift-proxy.service

compute 节点

11.9 安装软件包
yum install openstack-ceilometer-compute python-ceilometerclient python-pecan –y
11.10 配置Ceilometer
openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_type password
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_name service
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken username ceilometer
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_type password
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_url http://controller:5000/v3
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials user_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_name service
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials username ceilometer
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials password 000000
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials interface internalURL
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials region_name RegionOne

openstack-config --set /etc/nova/nova.conf DEFAULT instance_usage_audit True
openstack-config --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
openstack-config --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
openstack-config --set /etc/nova/nova.conf DEFAULT notification_driver messagingv2
12 安装Alarm监控服务
12.1通过脚本安装alarm服务
12.2-12.8 Alarm监控服务的操作命令已经编写成shell脚本,通过脚本进行一键安装。如下:
#Controller节点
执行脚本iaas-install-alarm.sh进行安装

12.2 创建数据库

mysql -u root -p

mysql> CREATE DATABASE aodh;
mysql> GRANT ALL PRIVILEGES ON aodh.* TO aodh@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON aodh.* TO aodh@’%’ IDENTIFIED BY ‘000000’;
12.3 创建keystone用户
openstack user create --domain default --password 000000 aodh
openstack role add --project service --user aodh admin
12.4 创建Endpoint和API
openstack service create --name aodh --description “Telemetry” alarming
openstack endpoint create --region RegionOne alarming public http://controller:8042
openstack endpoint create --region RegionOne alarming internal http://controller:8042
openstack endpoint create --region RegionOne alarming admin http://controller:8042
12.5 安装软件包
yum install -y openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python-ceilometerclient
12.6 配置aodh
openstack-config --set /etc/aodh/aodh.conf database connection mysql+pymysql://aodh:000000@controller/aodh
openstack-config --set /etc/aodh/aodh.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_password 000000

openstack-config --set /etc/aodh/aodh.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken auth_type password
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken project_name service
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken username aodh
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken password 000000
openstack-config --set /etc/aodh/aodh.conf service_credentials auth_type password
openstack-config --set /etc/aodh/aodh.conf service_credentials auth_url http://controller:5000/v3
openstack-config --set /etc/aodh/aodh.conf service_credentials project_domain_name default
openstack-config --set /etc/aodh/aodh.conf service_credentials user_domain_name default
openstack-config --set /etc/aodh/aodh.conf service_credentials project_name service
openstack-config --set /etc/aodh/aodh.conf service_credentials username aodh
openstack-config --set /etc/aodh/aodh.conf service_credentials password 000000
openstack-config --set /etc/aodh/aodh.conf service_credentials interface internalURL
openstack-config --set /etc/aodh/aodh.conf service_credentials region_name RegionOne
openstack-config --set /etc/aodh/api_paste.ini filter:authtoken oslo_config_project aodh
12.7 同步数据库
su -s /bin/sh -c “aodh-dbsync” aodh
12.8 启动服务
systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service
systemctl restart openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service

13.添加控制节点资源到云平台
13.1 修改openrc.sh
把compute节点的IP和主机名改为controller节点的IP和主机名

13.2 运行iaas-install-nova-compute.sh
在控制节点运行iaas-install-nova-compute.sh
14 系统卸载
系统提供一键卸载脚本,节点运行iaas-uninstall-all.sh脚本,脚本卸载当前节点的所有云平台数据,如果卸载节点为controller节点则会清除所有的数据(此时云平台也被清空),如果卸载节点为compute节点则会删除compute节点的数据。
15 Xindian-IaaS-2.0版本升级说明:
Xiandian-IaaS-2.0基于Openstack Mitaka版本开发,与Xandian-IaaS-1.4版版本是基于OpenStack Icehouse版本开发的区别。
1)操作系统从CentOS6.5升级到了cenots7,系统内核版本从2.x版本到了3.0本以上。
2)OpenStack的版本从I版本升级到了M版本,相比较I版本,具体来说,M版本重点提升了云部署者和管理者日常使用的便携性。M版本对OpenStack的命令做了集成,使之集成在OpenStack下,形成一个统一的整体,便于工程师理解记忆运维命令。
3)Xindian-IaaS-2.0版本消息服务从qpid服务升级到了轻量级的rabbitMQ服务,减少了系统的负载。
4)Xindian-IaaS-2.0版本新增了Alarm监控服务,提供了数字化监控平台,减少系统的安全隐患。
5)在网络安装部分,Dashboard界面有改动,更结构化,部分功能有改动,更趋向于软件定义网络的思想

你可能感兴趣的:(运维,大数据,linux)