Set Up an OpenStack Environment in a Few Minutes

 

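1.[NTP installation]

NTP is used mainly for time synchronization. If the clocks are out of sync, you may be unable to create instances.

yum install chrony

 vi /etc/chrony.conf and add:

  server NTP_SERVER iburst

  allow YOUR_IP_NETWORK_SEGMENT (allows hosts in your IP network segment to reach the NTP service)

  systemctl enable chronyd.service (enable at boot)

  systemctl start chronyd.service (start the NTP service)

  

  Note: on versions earlier than CentOS 7, install ntp:

  yum install ntp

   ntpdate time.nist.gov (synchronize the clock)

   hwclock -w (write the time to the BIOS)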

2.[openstack packages]

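Install the latest OpenStack repository:

 yum install centos-release-openstack-mitaka

 yum install https://rdoproject.org/repos/rdo-release.rpm

 yum upgrade (update from the repositories)

 yum install python-openstackclient (installs the plugin that OpenStack requires)

 yum install openstack-selinux (this plugin is optional; I simply disabled SELinux because I am not familiar with it, and this will not affect the later steps)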

 3.[database]

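 OpenStack supports many databases, such as MySQL or PostgreSQL.

 Here we use MySQL.

 yum install mariadb mariadb-server python2-PyMySQL (MariaDB is simply the newer version of MySQL, nothing to be surprised about)

 vi  /etc/my.cnf

 Add:

 [mysqld]

bind-address = 192.168.1.48 (the IP address of the machine where MySQL is installed)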

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

character-set-server = utf8

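Enable MySQL at boot:

systemctl enable mariadb.service

Start MySQL:

systemctl start mariadb.service

Configure the MySQL settings:

Run the script directly:

 mysql_secure_installation

 Follow the prompts to apply the settings.

 Note: check that mysqld is running and that port 3306 is listening.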

 

 3.[rabbitmq]

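 Install RabbitMQ, OpenStack's message broker. If RabbitMQ is not running, your entire OpenStack platform will be unusable. RabbitMQ uses port 5672.

 yum install rabbitmq-server

 systemctl enable rabbitmq-server.service (enable at boot)

 systemctl start rabbitmq-server.service (start)

 rabbitmqctl add_user openstack RABBIT_PASS (adds the user openstack; replace RABBIT_PASS with a password of your own)

 rabbitmqctl set_permissions openstack ".*" ".*" ".*" (grants permissions to the new user; a user without permissions cannot receive or send messages)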

 

 4.[memcached]

 memcached is an optional component. It uses port 11211.

 yum install memcached python-memcached

 systemctl enable memcached.service

 systemctl start memcached.service
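
A check for the three backing services installed so far, covering the note about port 3306 and the RabbitMQ (5672) and memcached (11211) ports named above: it reports whether each port is listening and whether it is bound to one address or to every interface. This is an added example, not part of the original post; the function name audit_listeners and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report how the three backing
# services named above are bound. Ports come from the page: 3306, 5672, 11211.

# audit_listeners: reads `ss -ltn` output on stdin and prints one line per port:
#   <port> <service> <status> <local addresses>
# status: down = no listener, wildcard = every interface, bound = specific address
audit_listeners() {
    awk '
        BEGIN { svc["3306"] = "mariadb"; svc["5672"] = "rabbitmq"; svc["11211"] = "memcached" }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in svc)) next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::") {
                state[port] = "wildcard"
            } else if (state[port] != "wildcard") {
                state[port] = "bound"
            }
            if (port in seen) { seen[port] = seen[port] "," addr } else { seen[port] = addr }
        }
        END {
            n = split("3306 5672 11211", order, " ")
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (p in state) { print p, svc[p], state[p], seen[p] }
                else { print p, svc[p], "down", "-" }
            }
        }'
}

# Constructed sample: MariaDB bound to the controller IP, RabbitMQ on all
# interfaces, memcached not running, plus an unrelated sshd listener.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     192.168.1.48:3306  *:*
LISTEN 0      128    *:5672             *:*
LISTEN 0      128    *:22               *:*'

# On a live controller run:  ss -ltn | audit_listeners
if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$SAMPLE_SS" | audit_listeners
fi
```

A wildcard result for 5672 or 11211 means the service is reachable from every network the controller is attached to, so it should be covered by a host firewall rule or bound to the management address.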

 5.[keystone identity service]

 Note: before this step, hosts resolution must be set up on both the control node and the compute node. Mine is:

 192.168.1.48 control

 192.168.1.49 compute

 Log in to the database and create the keystone database.

 mysql -u root -p

 CREATE DATABASE keystone;

 Set the authorized user and password:

 GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

  IDENTIFIED BY 'PASSWORD';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

  IDENTIFIED BY 'PASSWORD';

  Generate a random value for admin_token:

openssl rand -hex 10 

  Install keystone:

   yum install openstack-keystone httpd mod_wsgi

   vi /etc/keystone/keystone.conf

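   Replace the following with the random value just generated:

   admin_token = RANDOM_VALUE (mainly for security; you can also leave it unreplaced)

   Configure the database connection:

   connection = mysql+pymysql://keystone:PASSWORD@DATABASE_IP/keystone

   

   Set: provider = fernet

   Synchronize the keystone database: keystone-manage db_sync (be sure to check that the tables were created in the database)

   

   Initialize the keys:

    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

Configure Apache:

vi  /etc/httpd/conf/httpd.conf

Change the value after ServerName to the hostname to prevent an error at startup:

     ServerName control

 

Generate the WSGI configuration file:

vi /etc/httpd/conf.d/wsgi-keystone.conf and add: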

Listen 5000

Listen 35357

<VirtualHost *:5000>

    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

<VirtualHost *:35357>

    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

Start httpd:

systemctl enable httpd.service

systemctl start httpd.service


6.[Create the keystone service catalog entry and endpoints]

 export OS_TOKEN=RANDOM_VALUE_GENERATED_ABOVE

 export OS_URL=http://control:35357/v3

 export OS_IDENTITY_API_VERSION=3

 Create the keystone service:

  openstack service create --name keystone --description "OpenStack Identity" identity (the service type identity must be exactly right)

  Create the keystone endpoints:

  openstack endpoint create --region RegionOne \

  identity public http://control:5000/v3

    openstack endpoint create --region RegionOne \

  identity internal  http://control:5000/v3

  

    openstack endpoint create --region RegionOne \

  identity admin  http://control:35357/v3

  

  7.[Create the domain, users, projects (tenants), and roles]

  Create the default domain, default:

  openstack domain create --description "Default Domain" default

  Create the admin project:

  openstack project create --domain default \

  --description "Admin Project" admin

  Create the admin user:

  openstack user create --domain default \

  --password-prompt admin (prompts for a password, which is the password for logging in to the dashboard)

  Create the admin role:

  openstack role create admin

  Link the user, project, and role together:

  openstack role add --project admin --user admin admin

  

  Create the service project:

   openstack project create --domain default \

  --description "Service Project" service

  Create the demo entries in the same way as for admin:

   openstack project create --domain default \

  --description "Demo Project" demo

  openstack user create --domain default \

  --password-prompt demo

  openstack role create user

  openstack role add --project demo --user demo user

  

  Once everything is created, you can verify it with this command:

  openstack --os-auth-url http://control:35357/v3 \

  --os-project-domain-name default --os-user-domain-name default \

  --os-project-name admin --os-username admin token issue

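  After you enter the password, correct output means the configuration is correct.

  

  The environment variables can be saved as a script:

  vi admin-openrc and add: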

  export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=xxxx

export OS_AUTH_URL=http://control:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

The variables for demo are similar.

To load them, run . admin-openrc or source admin-openrc

Verify by entering the command:

openstack token issue

Correct output means the configuration is correct.


8.[glance image service]

Create the glance database

Log in to MySQL

mysql -u root -p

CREATE DATABASE glance;

Grant privileges

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

  IDENTIFIED BY 'PASSWORD';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

  IDENTIFIED BY 'PASSWORD';

  Load the environment variables:

  . admin-openrc

  Create the glance user:

   openstack user create --domain default --password-prompt glance

   openstack role add --project service --user glance admin

  Create the image service catalog entry:

  openstack service create --name glance \

  --description "OpenStack Image" image

  Create the image endpoints:

  openstack endpoint create --region RegionOne \

  image public http://control:9292

  openstack endpoint create --region RegionOne \

  image internal http://control:9292

  openstack endpoint create --region RegionOne \

  image admin http://control:9292

  

  Install:

  yum install openstack-glance

vi  /etc/glance/glance-api.conf

  Configure the database connection:

  connection = mysql+pymysql://glance:PASSWORD@DATABASE_IP/glance

  Find [keystone_authtoken] (configure authentication)

  Add:

  auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = xxxx

Find: [paste_deploy]

flavor = keystone

 Find [glance_store] 

 stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

Edit /etc/glance/glance-registry.conf

Find [database]

connection = mysql+pymysql://glance:PASSWORD@DATABASE_IP/glance

Find [keystone_authtoken] (configure authentication)

  Add:

  auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = xxxx

Find: [paste_deploy]

flavor = keystone

Synchronize the database:

glance-manage db_sync

Start glance:

systemctl enable openstack-glance-api.service \

  openstack-glance-registry.service

   systemctl start openstack-glance-api.service \

  openstack-glance-registry.service

  

  Verify:

  Load the environment variables:

  . admin-openrc

  Download a fairly small image:

  wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

  Upload the image:

  openstack image create "cirros" \

  --file cirros-0.3.4-x86_64-disk.img \

  --disk-format qcow2 --container-format bare \

  --public

  List the images:

  openstack image list

  If there is output, glance is configured correctly.

  

 9.[nova control node]

 Create the nova databases:

 mysql -u root -p

 CREATE DATABASE nova_api;

CREATE DATABASE nova;

Grant privileges:

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'PASSWORD';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \

  IDENTIFIED BY 'PASSWORD';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'PASSWORD';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

  IDENTIFIED BY 'PASSWORD';

  Load the environment variables:

  . admin-openrc

  Create the nova user:

  openstack user create --domain default \

  --password-prompt nova

  openstack role add --project service --user nova admin

  Create the compute service:

  openstack service create --name nova \

  --description "OpenStack Compute" compute

  

  Create the endpoints:

  openstack endpoint create --region RegionOne \

  compute public http://control:8774/v2.1/%\(tenant_id\)s

   openstack endpoint create --region RegionOne \

  compute internal http://control:8774/v2.1/%\(tenant_id\)s

   openstack endpoint create --region RegionOne \

  compute admin http://control:8774/v2.1/%\(tenant_id\)s

  Install:

  yum install openstack-nova-api openstack-nova-conductor \

  openstack-nova-console openstack-nova-novncproxy \

  openstack-nova-scheduler

  Edit /etc/nova/nova.conf 

  Find: [DEFAULT]

  enabled_apis = osapi_compute,metadata

  Find:

[api_database]

connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova_api

[database]

connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova

[DEFAULT]

rpc_backend = rabbit

[oslo_messaging_rabbit]

rabbit_host = control

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = xxx

[DEFAULT]

my_ip = IP_ADDRESS

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

[glance]

api_servers = http://control:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

Synchronize the databases:

nova-manage api_db sync

nova-manage db sync

Start the services:

systemctl enable openstack-nova-api.service \

  openstack-nova-consoleauth.service openstack-nova-scheduler.service \

  openstack-nova-conductor.service openstack-nova-novncproxy.service

  

  systemctl start openstack-nova-api.service \

  openstack-nova-consoleauth.service openstack-nova-scheduler.service \

  openstack-nova-conductor.service openstack-nova-novncproxy.service

  

  10.[nova compute node]

  yum install openstack-nova-compute

  Edit /etc/nova/nova.conf

  

  [DEFAULT]

rpc_backend = rabbit

[oslo_messaging_rabbit]

rabbit_host = control

rabbit_userid = openstack

rabbit_password = xxx

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = xxx

[DEFAULT]

...

my_ip = COMPUTE_NODE_IP_ADDRESS

[DEFAULT]

...

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

...

enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = $my_ip

novncproxy_base_url = http://control:6080/vnc_auto.html

[glance]

...

api_servers = http://control:9292

[oslo_concurrency]

...

lock_path = /var/lib/nova/tmp

Note:

egrep -c '(vmx|svm)' /proc/cpuinfo

If the result is 0, you need to edit /etc/nova/nova.conf:

[libvirt]

...

virt_type = qemu

If it is greater than 0, no change is needed.

Start:

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

Verify on the control node:

Load the environment variables:

. admin-openrc

 openstack compute service list

 Normal output means the configuration is correct.

 

 

 11.[neutron control node]

 

 Create the neutron database

  mysql -u root -p

  CREATE DATABASE neutron;

  GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

  Load the environment variables:

   . admin-openrc

   Create the user:

   openstack user create --domain default --password-prompt neutron

   openstack role add --project service --user neutron admin

   Create the network service:

   openstack service create --name neutron \

  --description "OpenStack Networking" network

  Create the neutron endpoints

   openstack endpoint create --region RegionOne \

  network public http://control:9696

   openstack endpoint create --region RegionOne \

  network internal http://control:9696

  openstack endpoint create --region RegionOne \

  network admin http://control:9696

  Create the VXLAN network:

  yum install openstack-neutron openstack-neutron-ml2 \

  openstack-neutron-linuxbridge ebtables

  Edit: /etc/neutron/neutron.conf 

  [database]

...

connection = mysql+pymysql://neutron:PASSWORD@control/neutron

[DEFAULT]

...

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

[DEFAULT]

...

rpc_backend = rabbit

[oslo_messaging_rabbit]

...

rabbit_host = control

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[DEFAULT]

...

auth_strategy = keystone

[keystone_authtoken]

...

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = xxxx

[DEFAULT]

...

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

[nova]

...

auth_url = http://control:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = xxxx

[oslo_concurrency]

...

lock_path = /var/lib/neutron/tmp

Configure the ML2 plug-in:

Edit: /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

...

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

[ml2_type_flat]

...

flat_networks = provider

[ml2_type_vxlan]

...

vni_ranges = 1:1000

[securitygroup]

...

enable_ipset = True

Configure the bridge:

Edit: /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:NAME_OF_THE_NETWORK_INTERFACE_TO_USE

[vxlan]

enable_vxlan = True

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

l2_population = True

[securitygroup]

...

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Configure the layer-3 network:

Edit: /etc/neutron/l3_agent.ini 

[DEFAULT]

...

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

Configure DHCP:

Edit: /etc/neutron/dhcp_agent.ini 

[DEFAULT]

...

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = True

Configure the metadata agent

Edit: /etc/neutron/metadata_agent.ini 

[DEFAULT]

...

nova_metadata_ip = control

metadata_proxy_shared_secret = METADATA_SECRET

Edit /etc/nova/nova.conf

[neutron]

...

url = http://control:9696

auth_url = http://control:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = xxxx

service_metadata_proxy = True

metadata_proxy_shared_secret = METADATA_SECRET

Create the plug-in symbolic link:

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Start:

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

  

  systemctl start neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

  

  systemctl enable neutron-l3-agent.service

  systemctl start neutron-l3-agent.service


  12.[neutron compute node]

  yum install openstack-neutron-linuxbridge ebtables ipset

  Edit: /etc/neutron/neutron.conf 

  [DEFAULT]

...

rpc_backend = rabbit

auth_strategy = keystone

[oslo_messaging_rabbit]

...

rabbit_host = control

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[keystone_authtoken]

...

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = xxxx

[oslo_concurrency]

...

lock_path = /var/lib/neutron/tmp

Configure VXLAN

Edit: /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]

enable_vxlan = True

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

l2_population = True

[securitygroup]

...

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Edit /etc/nova/nova.conf

[neutron]

...

url = http://control:9696

auth_url = http://control:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = xxxx

Start:

 systemctl restart openstack-nova-compute.service

 systemctl enable neutron-linuxbridge-agent.service

 systemctl start neutron-linuxbridge-agent.service

 

 Verify:

 Load the environment variables:

 . admin-openrc

  neutron ext-list

  Normal output is all that is needed.

  

  13.[dashboard]

  yum install openstack-dashboard

  Edit: /etc/openstack-dashboard/local_settings

  OPENSTACK_HOST = "control"

  ALLOWED_HOSTS = ['*', ]

  

  

 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {

    'default': {

         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

         'LOCATION': 'control:11211',

    }

}

 

 OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

 OPENSTACK_API_VERSIONS = {

    "identity": 3,

    "image": 2,

    "volume": 2,

}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

Start:

systemctl restart httpd.service memcached.service

At this point the OpenStack installation is complete, and you can go to the dashboard to create instances.
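
The configuration snippets in this guide carry placeholder secrets (RABBIT_PASS, NOVA_DBPASS, NEUTRON_DBPASS, METADATA_SECRET, xxxx) that are easy to leave in place when copying. The following check for such leftovers is an added example, not part of the original post; the function name find_placeholder_secrets and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag secrets that still hold the
# placeholder text used in this tutorial's configuration snippets.

# Placeholder strings that appear on the page, plus the generic word PASSWORD.
PLACEHOLDERS='RABBIT_PASS|NOVA_DBPASS|NEUTRON_DBPASS|METADATA_SECRET|PASSWORD|xxx+'

# find_placeholder_secrets FILE...
# Prints "file:line:key" for each password/secret/token setting, or database
# connection URL, whose secret is still a placeholder. Exit status 1 if any found.
find_placeholder_secrets() {
    [ "$#" -gt 0 ] || return 2
    awk -v pat="^($PLACEHOLDERS)\$" '
        /^[ \t]*#/ { next }                           # skip comment lines
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)   # openrc files use "export KEY=value"
            eq = index(line, "=")
            if (eq == 0) next                         # section headers, blank lines
            key = substr(line, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr(line, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            lkey = tolower(key)
            if (lkey == "connection") {
                # mysql+pymysql://user:SECRET@host/db -> keep only SECRET
                sub(/^[^:]*:\/\/[^:]*:/, "", val); sub(/@.*$/, "", val)
            } else if (lkey !~ /pass|secret|token/) {
                next
            }
            if (val ~ pat) { print FILENAME ":" FNR ":" key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }' "$@"
}

# Typical use on a node (paths are the ones edited in this guide):
#   find_placeholder_secrets /etc/nova/nova.conf /etc/neutron/neutron.conf admin-openrc
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp)                                    # constructed sample file
    printf '%s\n' '[oslo_messaging_rabbit]' 'rabbit_password = RABBIT_PASS' > "$demo"
    find_placeholder_secrets "$demo"; rm -f "$demo"
fi
```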

Reference: http://docs.openstack.org/mitaka/install-guide-rdo/common/conventions.html

